Questions tagged [xxe]
XXE, or XML External Entity, is part of the XML spec that can introduce a vulnerability in poorly crafted XML parsers.
41 questions
-2 votes
1 answer
49 views
What is the recommended XML secure configuration to prevent XXE?
I want to write down, as security requirements, the recommended security configurations that should be applied to any XML parser. I checked the OWASP cheatsheet (https://cheatsheetseries.owasp.org/...
1 vote
0 answers
134 views
Could an XXE vulnerability lead to RCE?
I have identified an XXE vulnerability in an XML parser of an application that allows external entities. I used the below crafted XML to do a GET request on localhost on port 9090, and on the same ...
1 vote
0 answers
418 views
XXE OOB File Content Extraction
Currently, I've discovered an OOB XXE that allows me to include a .dtd file to extract a particular system file content, for instance, /sys/power/disk. So my file.dtd is: <!ENTITY % data SYSTEM &...
1 vote
0 answers
210 views
How can I manipulate certain server side responses? Specifically Ajax Responses? XXE Attack? Hybrid DNS Resolution?
I would like to be able to switch back and forth between the real DNS and maybe setting a local DNS entry so I can manipulate AJAX responses for code security checks. For instance if the server ...
1 vote
0 answers
480 views
Extracting multiple lines out of band XXE [closed]
I was able to extract a line from the /etc/hostname file and also http://169.254.169.254/latest/meta-data/local-hostname but I want to extract the content of files with multiple lines, such as the AWS ...
0 votes
0 answers
4k views
XXE in SOAP request when WS requires WS-Security
I am trying to test XXE and SSRF in a SOAP web service. Let's say that my request looks like this: <?xml version="1.0"?> <!DOCTYPE order [ <!ELEMENT foo ANY > <!ENTITY xxe ...
1 vote
2 answers
262 views
Is possible XXE with XSI modify?
I wonder, is an XXE attack possible in this case? The request data starts with: <InteractionMessage><Header><SenderApplication>VIP3.0</SenderApplication><...
1 vote
2 answers
854 views
Java XXE vulnerability
If I am already using xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); then do I also need to use xmlInputFactory.setProperty("javax.xml.stream.isSupportingExternalEntities",...
1 vote
1 answer
1k views
Blind XXE - Exfiltration Data via OOB
My lab: Kali Linux: 192.168.171.134, bWApp Server: http://192.168.171.131. I want to do data exfiltration via HTTP on this blind XXE. I'll use the PortSwigger payload. This is the External.DTD: &...
1 vote
1 answer
357 views
XXE SSRF Practice
I'm trying to implement a simple demo - to better understand XXE and SSRF techniques. I have written these two files below in an attempt to set this up. I currently intercept the AJAX POST request and ...
1 vote
1 answer
1k views
XXE with OOB data exfiltration
SCENARIO: I successfully tried to send a request to the Burp Collaborator, then the application is vulnerable to SSRF through blind XXE. The payload I used is the following: <?xml version="1.0&...
2 votes
1 answer
1k views
PHP Blind XXE Exploitation: Invalid URI in Entity
When attempting to exploit blind XXE as explained in this article, I got an error in my Apache logs: PHP Warning: DOMDocument::loadXML(): Invalid URI: http://192.168.6.1/82a3ccab632c in Entity The ...
1 vote
0 answers
181 views
Prevent XXE attack by preprocessing XML
I have an old project which parses XML files coming from an external origin, so it is at least in principle vulnerable to XXE. It is difficult to update the project to use newer versions of XML ...
2 votes
1 answer
11k views
XXE - possible to read directories?
I have come across XXE on a CTF a while ago and I can't get my head around where to go from where I am. <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE foo [<!ENTITY xxe SYSTEM "php:...
0 votes
2 answers
1k views
XXE Injection in docx: entity not defined
My goal is to create a docx file that, when uploaded to a server and parsed there, causes the parser to fetch my URL so I know it worked. Unfortunately, I only have LibreOffice and not MS Office at ...