23 lines
575 B
Markdown
23 lines
575 B
Markdown
|
|
||
|
## XXE Attacks via File Upload
|
||
|
|
||
|
- If a server allows the upload of DOCX or SVG, XXE can be embedded in these documents
|
||
|
- When the document is processed by the application, it will trigger the exploit XXE Attack via Modified Content Type
|
||
|
|
||
|
- Normal Request example:
|
||
|
```xml
|
||
|
POST /action HTTP/1.0
|
||
|
Content-Type: application/x-www-form-
|
||
|
urlencoded
|
||
|
Content-Length: 7
|
||
|
foo=bar
|
||
|
```
|
||
|
|
||
|
- If the server tolerates this, you can exploit it
|
||
|
```xml
|
||
|
POST /action HTTP/1.0
|
||
|
Content-Type: text/xml
|
||
|
Content-Length: 52
|
||
|
<?xml version="1.0" encoding="UTF-
|
||
|
8"?><foo>bar</foo>
|
||
|
```
|