1

According to https://msdn.microsoft.com/en-us/library/mt661872.aspx and https://github.com/dotnet/roslyn-analyzers/issues/563 the code below is vulnerable to DTD expansion attack:

    var src = "?payload?";   
    TextReader tr = new StreamReader(src);   
    XmlSchema schema = XmlSchema.Read(tr, null);

Could someone provide an example (can be for older .NET since in 4.5.2 many defaults were fixed) of the possible malicious payload? I understand possible payloads for xml readers, but what would it be in xsd schema case?

Jaroslav Lobačevski
  • 11
  • 2

0 Answers0