#14 Invalid XML files

v1.0 (example)
open
nobody
None
5
2014-02-03
2014-02-03
Mario Vilas
No

When scanning live.vodafone.es and generating an XML output file, some characters aren't correctly escaped. This causes XML parsers to fail to read the file, but at its worst, it can also cause a security issue if a malicious site is scanned and the resulting XML file is fed to a parser (XML injection vulnerability).

I've attached the XML file showing the problem, look for unescaped ampersands in the "extension" tag near the end of the file.

1 Attachments

Discussion


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks