0

My goal is to create a docx file that, when uploaded to a server and parsed there, causes the parser to fetch my URL so I know it worked.

Unfortunately, I only have LibreOffice and not MS Office at hand. When I open the file with LibreOffice, I get an error:

SAXException: [word/document.xml line 2]: Entity 'xxe' not defined

Seems like I did something wrong with my XML syntax, but I can't figure out what.

The document.xml in the file starts like this:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><!DOCTYPE foo [ <!ENTITY xxe SYSTEM "thisismyurl">]><w:document (...) 

(Replaced my actual URL for readability)

And then later, I have:

<w:t>&xxe;</w:t>(...) 

I created my file with docem. Using the predefined docem payloads results in the same error. Any idea what could have gone wrong? Thank you a lot!

    2 Answers

    1

    You probably are supposed to get an error. You just injected "something" into the XML parts of the docx file which the application (Word or Libre) isn't used to reading, and thus it doesn't understand how to process and display that. If you're trying to test it, you should be uploading it to a test server with a vulnerable parser and then check for any pingbacks to your server/URL.

      0

      That looks like exactly the error you'd expect if the parser ignores entity definitions in doctypes (or at least ignores external entity definitions; you could distinguish between these by defining some perfectly ordinary static entity instead) but doesn't fail on the definition. When it encounters the custom entity, though, it has no choice but to fail because it can't figure out what is meant, because it skipped the definition.
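
The distinction drawn in the second answer can be checked locally. The following is an added example, not part of the question or either answer: it feeds a constructed, minimal document.xml to Python's standard `xml.etree.ElementTree` three times (no entity, an ordinary static entity, an external entity) and classifies the result. The helper names, the `probe` entity and the `example.invalid` identifier are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"

def document_xml(entity_decl, text):
    """Build a minimal, constructed word/document.xml body."""
    doctype = f"<!DOCTYPE foo [ {entity_decl} ]>" if entity_decl else ""
    return (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'{doctype}<w:document xmlns:w="{W}"><w:body><w:p><w:r>'
        f"<w:t>{text}</w:t></w:r></w:p></w:body></w:document>"
    ).encode("utf-8")

# Constructed probes. The SYSTEM identifier is a placeholder on the reserved
# .invalid TLD; ElementTree never fetches it.
PROBES = {
    "plain": document_xml("", "hello"),
    "internal": document_xml('<!ENTITY probe "static-value">', "&probe;"),
    "external": document_xml(
        '<!ENTITY probe SYSTEM "http://example.invalid/constructed">', "&probe;"),
}

def etree_text(xml_bytes):
    """Parser under test: return the text of the first w:t element."""
    return ET.fromstring(xml_bytes).find(f".//{{{W}}}t").text

def probe(parse_text):
    """Run every probe; record ('ok', text) or ('error', message)."""
    results = {}
    for name, xml_bytes in PROBES.items():
        try:
            results[name] = ("ok", parse_text(xml_bytes))
        except Exception as exc:
            results[name] = ("error", f"{type(exc).__name__}: {exc}")
    return results

def verdict(results):
    """Classify how the parser treats entity definitions in the DOCTYPE."""
    if results["plain"][0] != "ok":
        return "parser rejects the baseline document"
    if results["external"][0] == "ok":
        return "external entity reference accepted"
    if results["internal"][0] == "ok":
        return "internal entities expanded, external definitions skipped"
    return "all entity definitions skipped or DOCTYPE rejected"

if __name__ == "__main__":
    outcome = probe(etree_text)
    for name, result in outcome.items():
        print(name, result)
    print(verdict(outcome))
```

With ElementTree the static entity expands while the external one fails at the point of reference with an "undefined entity" parse error, which is the same shape of failure as the SAXException in the question.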
