Collaborate Disseminate
I’m quite new to XXE attacks so please bear with me, when I look at the different payloads to get a OOB XXE they all look like the following (external DTD) :
<!ENTITY % file SYSTEM "file:///etc/passwd">
<!ENTITY % eval &… Continue reading I’m not sure why the different XXE injection payloads follow a specific pattern
Currently, I’ve discovered an OOB XXE that allows me to include a .dtd file to extract a particular system file content, for instance, /sys/power/disk.
So my file.dtd is:
<!ENTITY % data SYSTEM "file:///sys/power/disk">
<… Continue reading XXE OOB File Content Extraction
I would like to be able to switch back and forth between the real DNS and maybe setting a local DNS entry so I can manipulate AJAX responses for code security checks.
For instance if the server responds with Ajax on page 1 that page 2 is n… Continue reading How can I manipulate certain server side responses? Specifically Ajax Responses? XXE Attack? Hybrid DNS Resolution?
I was able to extract a line from the /etc/hostname file and also http://169.254.169.254/latest/meta-data/local-hostname but I want to extract the content of files with multiple line, such as the aws credentials or /etc/passwd
I tried php… Continue reading Extracting multiple lines out of band XXE [closed]
All of the methods that I tried are here. I am pentesting a PHP site and the site has an upload file button that only allows PDF, .DOC, .DOCX, .MP3, .MP4, .JPG, .JPEG, .PPT, .XLS. Is there a way I can use one of these file formats to gain … Continue reading How to upload a PDF,DOC,DOCX,MP3,MP4,JPG,JPEG,PPT or XLS file to run php code [closed]
All of the methods that I tried are here. I am pentesting a PHP site and the site has an upload file button that only allows PDF, .DOC, .DOCX, .MP3, .MP4, .JPG, .JPEG, .PPT, .XLS. Is there a way I can use one of these file formats to gain … Continue reading How to upload a PDF,DOC,DOCX,MP3,MP4,JPG,JPEG,PPT or XLS file to run php code [closed]
I’m studying XXE vulnerabilities, and I don’t know much about XML.
Apparently for exfiltrating data from server, in the case that XXE vulnerability is blind, we need to make an external DTD like this:
<!ENTITY % file SYSTEM "file:/… Continue reading Why do we need three entities in external DTD for blind XXE?
It is a bug in a web application in which external entities of xml data manipulated. I want to know how we find it, the process.
Continue reading How can we find xxe vulnerability in a web site? [closed]
I wonder, is possible XXE attack in this case?
The data of request is starting with:
<InteractionMessage><Header><SenderApplication>VIP3.0</SenderApplication><ReceiverApplication/><TransactionID>16513976… Continue reading Is possible XXE with XSI modify?
If I am already using
xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
then do I also need to use
xmlInputFactory.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
to fix an XXE vulnerability?… Continue reading Java XXE vulnerability