Abusing XSLT for Practical Attacks

Explore how XSLT can be exploited for practical attacks in this 44-minute Black Hat conference talk by Fernando Arnaboldi. Delve into the vulnerabilities of XML and its implementations, focusing on XSLT's potential to compromise system integrity, cause code logic failures, and breach user confidentiality. Learn about techniques for affecting arithmetic operations, partially reading system files to disclose sensitive information, and bypassing same-origin policy in web browsers. Witness proof-of-concept attacks demonstrating XSLT's impact on production systems and gain valuable insights into safe development practices to mitigate these risks.

Abusing XSLT For Practical Attacks