tarunkumarsfdc1.3940961681216885E12

XML Injection Error

Hi Guys,

I created an application which works on web service requests (Java), and we are getting an XML Injection error in the Burp report. How do we get rid of the issue? Any help would be appreciated.


Thanks In Advance,
Tarun.M.P
Vikash (Salesforce Developers)
Hi Tarun,

Please share the error message you are getting.

Thanks
Vikash_SFDC
tarunkumarsfdc1.3940961681216885E12
Hi Vikash,

The exact error is that whenever I try to call my WSDL file, an XML injection error comes up, and the parameters which are passed from the SOAP request are giving the exact problem.

In brief, if I send a request using the Burp tool, in the response the parameters like <usermail>, <xmlns:soapenv XML attribute>, [xmlns:web XML attribute], [xmlns:web XML attribute], [password XML parameter]


The parameters of the response in XML are throwing the errors, where my request is <soapenv:Body><usermail>xxxx@xyz.com</usermail><password>xxxxxxxxxxx (encrypted form, not the exact password)</password></soapenv:Body>

And the remedy for the problem is to validate or sanitize the XML parameter. Can I have your solution on how to validate or sanitize the XML parameters?


Thanks In Advance,
Tarun.M
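
One way to validate and sanitize the <usermail> and <password> values from the request above on the Java side, given as an added example that is not part of the original thread. The class name, method names, the e-mail pattern and the length limit are assumptions chosen for illustration; the sample inputs in main are constructed.

```java
import java.io.StringWriter;
import java.util.regex.Pattern;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;

// Added example: class, method names and limits are assumptions, not the poster's code.
public class SoapParamGuard {
    // Conservative allow-list for <usermail>: markup characters can never match.
    private static final Pattern MAIL =
        Pattern.compile("^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,190}\\.[A-Za-z]{2,24}$");
    private static final int MAX_PASSWORD_LEN = 256; // assumed limit

    static String requireMail(String v) {
        if (v == null || !MAIL.matcher(v).matches())
            throw new IllegalArgumentException("usermail rejected");
        return v;
    }

    // Passwords may legitimately contain < or &, so bound the length and rely on escaping.
    static String requirePassword(String v) {
        if (v == null || v.isEmpty() || v.length() > MAX_PASSWORD_LEN)
            throw new IllegalArgumentException("password rejected");
        return v;
    }

    // Build XML with a writer so values are emitted as escaped text, never as markup.
    static String buildBody(String mail, String password) throws XMLStreamException {
        StringWriter out = new StringWriter();
        XMLStreamWriter w = XMLOutputFactory.newInstance().createXMLStreamWriter(out);
        w.writeStartElement("Body");
        w.writeStartElement("usermail");
        w.writeCharacters(requireMail(mail));
        w.writeEndElement();
        w.writeStartElement("password");
        w.writeCharacters(requirePassword(password));
        w.writeEndElement();
        w.writeEndElement();
        w.close();
        return out.toString();
    }

    public static void main(String[] args) throws XMLStreamException {
        // Constructed inputs: values that try to close the element and add new markup.
        System.out.println(buildBody("user@example.com", "p</password><role>admin</role>"));
        try { requireMail("a@b.com</usermail><usermail>x@y.com"); }
        catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
    }
}
```

The same two rules apply wherever the service echoes request values into a response: check each value against what the field is allowed to contain, and write it through an XML API instead of concatenating it into a string.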