Enable Active Check 74.1
What does this MR do?
Enables Active Check 74.1 - XSLT Injection
What are the relevant issue numbers?
gitlab-org/gitlab#428023 (closed)
Verification
Unable to verify against DVSW - comment on the issue
OWASP WebGoat and DVWA are not vulnerable
Browserker Fixture
Configuration
docker run --rm -v "$PWD/output:/output" \
  --env DAST_BROWSER_SCAN=true \
  --env DAST_FULL_SCAN_ENABLED=true \
  --env DAST_ONLY_INCLUDE_RULES="74.1" \
  --env DAST_BROWSER_NUMBER_OF_BROWSERS=1 \
  --env DAST_BROWSER_MAX_ACTIONS=100 \
  --env DAST_DEBUG=1 \
  --env DAST_ZAP_LOG_CONFIGURATION="rootLogger.level=debug" \
  "dast:$(git branch --no-color --show-current)" /analyze -t 'http://host.docker.internal:8098/'
Logs
# attack registered
2023-10-31T10:15:32.597 INF VLDFN registered vulnerability check type="active" vulnerability_check="74.1 XSLT Injection" details="74.1.1;74.1.2;74.1.3"
# attack successful
2023-10-31T10:06:59.117 INF ACTIV matched, attack successful attack="74.1.1" attack_request="OXheEHfVEe6dagJCrBEABQ" injection="<!DOCTYPE gl [<!ENTITY x SYSTEM "file:///etc/passwd">]>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/"><gl>&x;</gl></xsl:template>
</xsl:stylesheet>" location="application/x-www-form-urlencoded form field xslt" type="match-response" url="http://host.docker.internal:8098/read-input"
Edited by Arpit Gogia