cURL / Mailing Lists / curl-users / Single Mail

curl-users

curl & malicious XML?

From: Bill Hines <bill.hines_at_us.ibm.com>
Date: Tue, 7 Feb 2006 14:01:07 -0500

I'm trying to use curl to test a malicious xml scenario, sending an xml
file with a huge number of xmlns: tags to my application server. But it
appears that curl is trying to parse the xml file itself, racing the cpu at
95% cpu for the curl.exe process. Below is the command I'm using. Is there
any way to have curl not process the xml so that I can try to submit it to
my local server instance? I'm not doing anything underhanded here, just
trying to test out some scenarios to protect against this type of thing.

curl --data-binary @megaNS.xml -i
%host%/WebServices2Web/services/SimpleServiceBean -H "Content-Type:
text/xml" -H "SOAPAction:
%host%/WebServices2Web/services/SimpleServiceBean"
Received on 2006-02-07