
Questions tagged [xml]

XML (Extensible Markup Language) is a set of rules for encoding documents in both human-readable and machine-readable form. Use this tag for security issues relating to the format itself, or where the fact that the data is XML-formatted is core to the question.

-2 votes
1 answer
49 views

What is the recommended XML secure configuration to prevent XXE

I want to write down, as security requirements, the recommended security configurations that should be applied to any XML parser. I checked the OWASP cheatsheet (https://cheatsheetseries.owasp.org/...
anonymous
1 vote
0 answers
418 views

XXE OOB File Content Extraction

Currently, I've discovered an OOB XXE that allows me to include a .dtd file to extract a particular system file content, for instance, /sys/power/disk. So my file.dtd is: <!ENTITY % data SYSTEM &...
nicg
1 vote
0 answers
480 views

Extracting multiple lines out of band XXE [closed]

I was able to extract a line from the /etc/hostname file and also http://169.254.169.254/latest/meta-data/local-hostname but I want to extract the content of files with multiple lines, such as the AWS ...
ELMO
1 vote
2 answers
854 views

Java XXE vulnerability

If I am already using xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); then do I also need to use xmlInputFactory.setProperty("javax.xml.stream.isSupportingExternalEntities",...
Rupesh Pal
0 votes
2 answers
880 views

How does my HTTPS POST get blocked based on XML content?

There's a web application on a server which I have full access to which accepts POST requests on a REST endpoint. The request payload is expected to be an XML document. For request routing and load ...
G_H
1 vote
2 answers
619 views

What is an XML round trip vulnerability?

I keep hearing about the XML round trip vulnerability in version 3.2.4 of the Ruby package REXML. I looked into it myself, of course, and it seems to have something to do with parsing an XML document, ...
Alex V
1 vote
1 answer
1k views

Blind XXE - Exfiltration Data via OOB

My lab: Kali Linux: 192.168.171.134, bWApp server: http://192.168.171.131. I want to exfiltrate data via HTTP on this blind XXE. I'll use the PortSwigger payload. This is the External.DTD: &...
Zefiro38
1 vote
1 answer
1k views

XXE with OOB data exfiltration

SCENARIO: I successfully tried to send a request to the burp collaborator, then the application is vulnerable to SSRF through blind XXE. The payload I used is the following <?xml version="1.0&...
Maicake
0 votes
2 answers
1k views

XXE Injection in docx: entity not defined

My goal is to create a docx file that, when uploaded to a server and parsed there, causes the parser to fetch my url so I know it worked. Unfortunately, I only have Libre Office and not MS Office at ...
Sorokine
0 votes
1 answer
234 views

Bypassing Access-Control-Allow-Headers header [closed]

What I want to do is access the Content-type header which is placed under the Access-Control-Allow-Headers header, as I want to attempt to change JSON to XML on a web application I'm working on to check ...
sheppard
2 votes
1 answer
592 views

XML External Entity injection within the body of a document

If you Google for an example of XXE injection you get something like this: <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe ...
XCore
4 votes
1 answer
466 views

What's the use of an "extra" dynamic declaration in an external DTD blind XXE attack?

I've been studying XXE attacks through Portswigger's Web Security Academy. I stumbled upon a lab Exploiting blind XXE to exfiltrate data using a malicious external DTD. In this lab an attacker has to ...
Shuzheng
1 vote
1 answer
2k views

Avoid cross site scripting in XML namespace

We have a legacy application on spring mvc and we have a web service exposed (SOAP protocol) for some reporting client app. This service was tested by a security team and the report indicates that the ...
Suhas Karanth
1 vote
0 answers
288 views

CWE-611: Improper Restriction of XML External Entity Reference with XSL include

Veracode reports that the below code is susceptible to CWE-611: Improper Restriction of XML External Entity Reference. XslCompiledTransform transform = new XslCompiledTransform(); transform.Load(...
Hoppe
0 votes
1 answer
673 views

Risks of allowing users to upload PDF and XML files to be stored/retrieved from a DB (ASPNET MVC 5)

I'm modifying an ASPNET MVC 5 web site and a requirement is to allow users to upload an XML and PDF file. The XML file will be used to layout text on the PDF based on variables coming from within the ...
bernieslearnings
