ZAP – XSLT Injection

Details
Alert ID	90017
Alert Type	Active
Status	release
Risk	Medium
CWE	91
WASC	23
Technologies Targeted	All
Tags	CWE-91 OWASP_2017_A01 OWASP_2021_A03
More Info	Scan Rule Help

Summary

Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code.

Solution

Sanitize and analyze every user input coming from any client-side.

Other Info

The response to sending an XSLT token included error messages that may indicate a vulnerability to XSLT injections.

References

https://www.contextis.com/blog/xslt-server-side-injection-attacks

Code

org/zaproxy/zap/extension/ascanrules/XsltInjectionScanRule.java