xxe – Page 3 – WindowsTechs.com

XXE inside an XML element?

Posted on January 13, 2020 by Rob Gates

I have a bug where a Java SAXReader with validation set to false reads XML I partially control.

The reader gets supplied this:

<event>[DATA I CONTROL]</event>

I can put whatever I want in [DATA I CONTROL], t… Continue reading XXE inside an XML element?→

How can i turn this xml injection into a valid XXE?

Posted on November 15, 2019 by Pong

I was testing the website example.com and found a form vulnerable to XML Injection. It send the details you insert into that form as xml attachment via email to my email address and also to administrators CMS as email. It wor… Continue reading How can i turn this xml injection into a valid XXE?→

Bypassing Access-Control-Allow-Headers header

Posted on October 17, 2019 by sheppard

What i want to do is access the Content-type header which is placed under the Access-Control-Allow-Headers header as i want to attempt to change json to xml on a web application im working on to check if its vulnerable to XML… Continue reading Bypassing Access-Control-Allow-Headers header→

XML External Entity injection within the body of a document

Posted on September 24, 2019 by XCore

If you Google for an example of XXE injection you get something like this:

<?xml version=”1.0″ encoding=”ISO-8859-1″?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM “file:///dev/random” … Continue reading XML External Entity injection within the body of a document→

What’s the use of an "extra" dynamic declaration in an external DTD blind XXE attack?

Posted on September 17, 2019 by Shuzheng

I’ve been studying XXE attacks through Portswigger’s Web Security Academy. I stumbled upon a lab Exploiting blind XXE to exfiltrate data using a malicious external DTD.
In this lab an attacker has to define an entity within XML request to … Continue reading What’s the use of an "extra" dynamic declaration in an external DTD blind XXE attack?→

XXE OOB and URL Length Limit

Posted on August 24, 2019 by Ravan87

How would you read a large file by exploiting an XXE OOB vulnerability through HTTP? The file is very large and exceeds the limit of the URL (2048 characters). Any ideas?

Continue reading XXE OOB and URL Length Limit→

XXE OOB Large File Extraction

Posted on August 12, 2019 by Ravan87

Most of examples for extracting files through XXE OOB (Out of Band) sets up a listening HTTP server and listens to incoming request on the URL requested. However, since the URL length is limited to something like 2048, how would you extrac… Continue reading XXE OOB Large File Extraction→

Why Would A Web Server Allow Loading XML External Entities?

Posted on July 17, 2019 by ImnotaspyYoureaspy

I’ve been reading up on XXE Injection, and so far every example I’ve seen has involved a webserver voluntarily loading xml external entities (as below).

<?php
libxml_disable_entity_loader (false);
$xmlfile = file_get_co… Continue reading Why Would A Web Server Allow Loading XML External Entities?→

Microsoft Management Console Bugs Allow Windows Takeover

Posted on June 18, 2019 by Tara Seals

Multiple cross-site scripting (XSS) bugs and an XML external entity (XXE) problem opens the door to takeover of admin desktops. Continue reading Microsoft Management Console Bugs Allow Windows Takeover→

Billion Laughs Attack (XXE) – how does it work

Posted on May 8, 2019 by Jshee

Hi all Im trying to understand how the billion laughs attack works(https://en.wikipedia.org/wiki/Billion_laughs_attack)

So far I get its obviously sending this payload:

<?xml version=”1.0″?>
<!DOCTYPE lolz [
<… Continue reading Billion Laughs Attack (XXE) – how does it work→