Sep 26, 2006
The XML port scanning technique described in this paper allows an attacker to utilise an XML parser to execute port scanning of systems behind a restrictive perimeter firewall. While the technique relies on some reasonably specific implementation details in order to be exploitable remotely, it is potentially applicable to any application that accepts XML document inputs.
Several workarounds exist and have been detailed in this paper and the technique does not offer the ability to perform advanced fingerprinting or analysis of the underlying operating system of hosts. However, this technique demonstrates the danger that inadequately configured XML parsers can pose to an organisation and highlights the inability of traditional network security devices to handle application-level threats.
Download paper: stratsec - Wong - XML Port Scanning.pdf