XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.
The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.
These are my notes on instaling NixOS 16.03 on a Lenovo ThinkPad X1 Carbon (4th generation) with an encrypted root file system using UEFI.
Most of this is scrambled from the following pages:
| #include <iostream> | |
| #include <numeric> | |
| #include <vector> | |
| using namespace std; | |
| // In Haskell, the Monoid typeclass is parameterised by only a type. Such a | |
| // definition requires “newtype hacks” to produce different monoids on the same | |
| // type. This definition is parameterised by both the type and the function, and | |
| // as such can be used to define different monoids on the same type without any | |
| // interference. |
| #!/usr/bin/perl | |
| # Author: Todd Larason <jtl@molehill.org> | |
| # $XFree86: xc/programs/xterm/vttests/256colors2.pl,v 1.2 2002/03/26 01:46:43 dickey Exp $ | |
| # use the resources for colors 0-15 - usually more-or-less a | |
| # reproduction of the standard ANSI colors, but possibly more | |
| # pleasing shades | |
| # colors 16-231 are a 6x6x6 color cube | |
| for ($red = 0; $red < 6; $red++) { |