handbook/tools/3.Web-Hacking/4.Injection/XXE/Commands/Commands.md at ef6197093401c7bdd55cf98162b07e9b5c8f203a

x/handbook

Fork 0

Anton Nesterov af9011411c

vault backup: 2024-08-31 01:07:21

2024-08-31 01:07:22 +02:00

986 B

Raw Blame History

Top Injection

Detect the vulnerability

Basic entity test, when the XML parser parses the external entities the result should contain "John" in firstName and "Doe" in lastName. Entities are defined inside the DOCTYPE element.

<!--?xml version="1.0" ?-->
<!DOCTYPE replace [<!ENTITY example "Doe"> ]>
 <userInfo>
  <firstName>John</firstName>
  <lastName>&example;</lastName>
 </userInfo>

Types of XXE Attacks:

Exploiting XXE to retrieves files ---> [Commands](1 - XXE Retrieve Files)
Exploiting XXE to perform SSRF attacks ---> [Comamnds](2 - XXE SSRF attacks)
Exploiting blind XXE to exfiltrate data out-of-band ---> [SQL](1 - Database) & [XML](3 - XXE (Blind))
Exploiting blind XXE to retrieve data via error messages ---> [SQL](1 - Database) & [XML](3 - XXE (Blind))

986 B Raw Blame History

Top Injection

986 B

Raw Blame History