986 B
986 B
Top Injection
Detect the vulnerability
Basic entity test, when the XML parser parses the external entities the result should contain "John" in firstName
and "Doe" in lastName
. Entities are defined inside the DOCTYPE
element.
<!--?xml version="1.0" ?-->
<!DOCTYPE replace [<!ENTITY example "Doe"> ]>
<userInfo>
<firstName>John</firstName>
<lastName>&example;</lastName>
</userInfo>
Types of XXE Attacks:
- Exploiting XXE to retrieves files ---> [Commands](1 - XXE Retrieve Files)
- Exploiting XXE to perform SSRF attacks ---> [Comamnds](2 - XXE SSRF attacks)
- Exploiting blind XXE to exfiltrate data out-of-band ---> [SQL](1 - Database) & [XML](3 - XXE (Blind))
- Exploiting blind XXE to retrieve data via error messages ---> [SQL](1 - Database) & [XML](3 - XXE (Blind))