What is it
XXE = XML eXternal Entities
XXE can occur when XML documents get parsed. We traditionally think of an XXE vulnerability as uploading an XML file that includes an external entity. An example of this would be:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
<foo>&xxe;</foo>
We might be able to upload this file to an application that processes XML files if we save it as .xml, but what some hunters don't know is that some other file types consist of XML files. In this course we will cover two types of XXE attacks, but can you think of any more after reading this?
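A defensive check for both upload cases above, added here as an example and not code from the original article: it refuses any DOCTYPE or entity declaration in a plain XML upload and in the XML parts of a container file. The names `check_xml` and `scan_upload`, the size cap, the `.xml`/`.rels` suffix filter, and the assumption that the container is a ZIP archive are choices made for this example.

```python
import io
import zipfile
from xml.parsers import expat

MAX_PART = 5 * 1024 * 1024  # assumed per-part size cap, tune for your application

class ForbiddenXML(ValueError):
    """Raised when a document declares a DTD or an entity."""

def check_xml(data: bytes) -> None:
    """Parse with expat and refuse any DOCTYPE or entity declaration."""
    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML(f"DOCTYPE declaration for <{name}>")
    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML(f"entity declaration &{name};")
    parser = expat.ParserCreate()  # no ExternalEntityRefHandler set: nothing is fetched
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(data, True)  # malformed input raises expat.ExpatError

def scan_upload(data: bytes) -> list[str]:
    """Return findings for a plain XML upload or a ZIP container of XML parts."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            parts = [(i.filename, None if i.file_size > MAX_PART else zf.read(i))
                     for i in zf.infolist()
                     if i.filename.lower().endswith((".xml", ".rels"))]
    else:
        parts = [("<upload>", data)]
    findings = []
    for name, body in parts:
        if body is None:
            findings.append(f"{name}: part exceeds size cap")
            continue
        try:
            check_xml(body)
        except (ForbiddenXML, expat.ExpatError) as exc:
            findings.append(f"{name}: {exc}")
    return findings

if __name__ == "__main__":
    # Constructed sample: a document with the same DOCTYPE shape as the one above.
    doc = b'<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>'
    print(scan_upload(doc))
```

An empty list means no declaration was found; any finding is a reason to reject the upload before it reaches the application's own parser.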
Types of XXE attacks
XXE can be abused to perform several types of attacks. It can even be chained into things like SSRF.
In this chapter we will mostly take a look at:
- XXE to retrieve files
- XXE to perform SSRF
- Blind XXE
XXE to retrieve files
<!DOCTYPE foo [ <!ENTITY xxe SYSTEM…