22 lines
986 B
Markdown
22 lines
986 B
Markdown
|
|
|||
|
|
## Top Injection
|
|||
|
|
|
|||
|
|
Detect the vulnerability
|
|||
|
|
|
|||
|
|
Basic entity test, when the XML parser parses the external entities the result should contain "John" in `firstName` and "Doe" in `lastName`. Entities are defined inside the `DOCTYPE` element.
|
|||
|
|
|
|||
|
|
```Terminal
|
|||
|
|
<!--?xml version="1.0" ?-->
|
|||
|
|
<!DOCTYPE replace [<!ENTITY example "Doe"> ]>
|
|||
|
|
<userInfo>
|
|||
|
|
<firstName>John</firstName>
|
|||
|
|
<lastName>&example;</lastName>
|
|||
|
|
</userInfo>
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
Types of XXE Attacks:
|
|||
|
|
- Exploiting XXE to retrieves files ---> [Commands]([[1 - XXE Retrieve Files]])
|
|||
|
|
- Exploiting XXE to perform SSRF attacks ---> [Comamnds]([[2 - XXE SSRF attacks]])
|
|||
|
|
- Exploiting blind XXE to exfiltrate data out-of-band ---> [SQL]([[1 - Database]]) & [XML]([[3 - XXE (Blind)]])
|
|||
|
|
- Exploiting blind XXE to retrieve data via error messages ---> [SQL]([[1 - Database]]) & [XML]([[3 - XXE (Blind)]])
|