Security advisory: data.riksdagen.se

Discovered by: Niklas Femerstrand (qnrq)

Overview
data.riksdagen.se is an API developed by the legislative assembly of Sweden.

Problem
A vulnerability exists in the generation of XML data where data values of the output are affected by parameters in the URL. Hexadecimal values are improperly validated leaving the software vulnerable to parameter and JavaScript injections and XML external entity attacks. A successful XXE attack grants an unauthorized attacker read permissions with privilege escalation possibilities and various services on the web server risk becoming compromised.

Proof of concept
Test parameter injection: http://data.riksdagen.se/voteringlista/?rm=%22%20%74%65%73%74%3d%22

Disclosure timeline
2011-09-27 Notified web section director (Anna Olderius)
2011-09-28 Received response
2011-09-28 Issues resolved
2011-09-29 Public release

Leave a Reply

Leave a Reply

Your email address will not be published.