
I keep hearing about the XML round trip vulnerability in version 3.2.4 of the Ruby package REXML. I looked into it myself, of course, and it seems to have something to do with parsing an XML document, then putting it back into XML again, and it coming out incorrect or just different than the original.

Presumably, it can be different in dangerous ways.

Is that correct? Can someone link me to resources that explicate this kind of vulnerability, or perhaps help me (and anyone else in the future) understand exactly how this works?

Thanks!

Alex V

2 Answers


Sigh. I figured it out by reading the HackerOne post that was right there in the Ruby link in my original post.

It's exactly what I thought - you can cleverly form XML that will be parsed and come out differently than expected, sometimes in dangerous ways.

I highly recommend reading the HackerOne post for a very clear explanation, but anyone else who cares to simplify feel welcome to post an additional answer here and I'll accept it.

Alex V

Comment: You could edit your question to elaborate on the dangerous ways and how the attack is used to get the end results, and accept your own question :) – john doe May 01 '21 at 04:55

I believe the name is from the Round-trip format conversion term -- https://en.wikipedia.org/wiki/Round-trip_format_conversion

It means that the library user assumes that converting back and forth will bring him back to the same data but his expectation appeared to be wrong.

Nakilon
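As an added example (not part of either answer, and not code from the REXML project or the HackerOne report), the Ruby script below turns the round-trip expectation described above into a check: parse the document with REXML, serialize it with REXML's own writer, parse the result again, and compare the two trees on structure alone. The function and constant names (`structure_of`, `round_trip_stable?`, `SAMPLE_XML`) are my own, and the sample document is constructed for illustration; it is a benign document, not the payload from the report.

```ruby
require 'rexml/document'

# Reduce a parsed REXML tree to plain Ruby data so that two parses can be
# compared on structure alone, ignoring formatting details that legitimately
# change on re-serialization (attribute quote style, entity spelling, layout).
def structure_of(node)
  case node
  when REXML::Document          # Document is a subclass of Element: test it first
    structure_of(node.root)
  when REXML::Element
    attrs = []
    node.attributes.each { |name, value| attrs << [name, value] }
    children = node.children.map { |child| structure_of(child) }.compact
    { name: node.expanded_name, attrs: attrs.sort, children: children }
  when REXML::Text              # also covers REXML::CData; #value is the unescaped text
    text = node.value
    text.strip.empty? ? nil : { text: text }
  else
    nil                         # comments, processing instructions: not compared here
  end
end

# Parse, serialize with REXML's own writer, parse again, and report whether the
# second parse sees the same tree as the first. A document whose structure
# changes across this round trip should be rejected at the trust boundary
# rather than forwarded, because a downstream consumer may read it differently.
def round_trip_stable?(xml)
  first  = REXML::Document.new(xml)
  second = REXML::Document.new(first.to_s)
  structure_of(first) == structure_of(second)
end

# Constructed sample (not from the HackerOne report): a benign document using
# attribute entities, escaped text and a CDATA section, all of which REXML
# must preserve across the round trip.
SAMPLE_XML = '<order id="42"><item sku="A&amp;B">x &lt; y</item>' \
             '<note><![CDATA[<b>not markup</b>]]></note></order>'

if __FILE__ == $PROGRAM_NAME
  puts(round_trip_stable?(SAMPLE_XML) ? 'stable round trip' : 'round trip changed the document')
end
```

The check is only meaningful where the same document is parsed more than once, for example when a service validates an XML message and then re-serializes it for another component; a mismatch between the two trees is exactly the condition the advisory describes, and the safe response is to reject the document rather than guess which reading was intended.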