Closed jvbeck closed 3 years ago
Howdy @jvbeck,
You must be looking at code like the following:
Are you experiencing any trouble derived from this, or are you just noting a potential improvement?
Hi, I am also referring to code like
This sample occurs in every Registration class.
If the NH registration is done by the back-end then the PNS handle must be transferred from the mobile device to the back-end.
I do not know how much mischief could be caused by this XML injection. I merely note that it is possible.
I can easily work around the problem by overriding the getXml method in "fix" classes that extend the provided Registration classes.
Note also my comment on #44
@jvbeck After review, our backend is not vulnerable to XML Injection attacks, but we will make a note of this for future versions.
All Registration XML strings are created using string manipulation. It is possible to create tag values and PNS handle values that result in XML that is not what was actually intended. The XML should be generated using an XMLStreamWriter.
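The difference the issue describes, as an added example that is not code from the project or from anyone in this thread: the same tag and handle values rendered by string concatenation and by an `XMLStreamWriter`, then parsed to count the resulting `Tags` elements. The class name, the element names `Registration`, `Tags` and `Handle`, and the sample values are assumptions chosen for illustration, not the SDK's real registration schema.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamWriter;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class RegistrationXmlDemo {
    // Pattern the issue describes: values pasted into the XML text unescaped.
    static String concatXml(String tags, String handle) {
        return "<Registration><Tags>" + tags + "</Tags><Handle>" + handle
                + "</Handle></Registration>";
    }

    // Pattern the issue proposes: XMLStreamWriter escapes character data.
    static String writerXml(String tags, String handle) throws Exception {
        StringWriter out = new StringWriter();
        XMLStreamWriter w = XMLOutputFactory.newInstance().createXMLStreamWriter(out);
        w.writeStartElement("Registration");
        w.writeStartElement("Tags");
        w.writeCharacters(tags);
        w.writeEndElement();
        w.writeStartElement("Handle");
        w.writeCharacters(handle);
        w.writeEndElement();
        w.writeEndElement();
        w.close();
        return out.toString();
    }

    // Parse the result and count <Tags> elements to see whether the structure changed.
    static int countTags(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        return d.getElementsByTagName("Tags").getLength();
    }

    public static void main(String[] args) throws Exception {
        String tags = "news";
        // Constructed handle value containing markup characters.
        String handle = "abc</Handle><Tags>sports</Tags><Handle>def";
        String a = concatXml(tags, handle);
        String b = writerXml(tags, handle);
        System.out.println(a + " -> Tags elements: " + countTags(a));
        System.out.println(b + " -> Tags elements: " + countTags(b));
    }
}
```

The concatenated form parses as a document with a second `Tags` element that the caller never set, while the writer output keeps the whole handle as escaped text inside a single `Handle` element.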