Exploring XXE - XML External Entity and Tips

First of all, what is XXE?

It is basically an application-layer attack in which the attacker injects malicious XML that the parser processes through the DTD (Document Type Definition): the attacker declares an external entity and references it in the document so that the parser resolves it, which in the lab below is used to read a local file from the server.

Let's get to know the structure of XML:

To understand this better, we first need to know the DTD (Document Type Definition). It defines the type of the document and whether or not a given document is accepted in the XML structure; the parser uses the DTD while processing the XML, and XML itself is commonly used to exchange data between two different technologies.
As you can see below, the syntax is divided into tags. The main tag, the one that contains the others, is called the root tag; in our case it is the John tag, and what is contained in it are the attributes from prok3z.

Since the vulnerability consists of creating an external entity that carries the malicious content and is then referenced within a tag inside the root tag, I will put this into practice in the PortSwigger lab and show better examples.

Here we will choose any of these products to start exploiting the XXE vulnerability.


As you can see, we have the option to check the stock, and we will check the stock of this product.
Now we should think about the following: how is this stock check happening on the backend side?
To answer that, we start analyzing the behavior of the application and capture the request that it sends to the server.

Take a look at the payload: it is an XML structure.
Now we will copy this code, save it to a file called xml.txt, and use curl to send our POST request.
First of all, I wanted to remind you that to solve this lab we will have to read the passwd file of the target.

Let's get this URL, and using curl we will send our payload.

After copying the URL:

And that's it: we were able to send the payload and it returned the /etc/passwd from the lab.
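The lab's backend accepts the stock-check XML as-is, so the inline DTD we sent gets processed. As an added example (not code from the lab or from PortSwigger), the snippet below shows how a backend can reject that request before parsing it: it detects any DOCTYPE or ENTITY declaration with expat's declaration callbacks rather than a regex, and only then parses the body with the standard library. The stockCheck/productId/storeId element names and both request bodies are constructed for this example, modelled on the shape of the lab's request.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat

# Constructed sample: a normal stock-check body (element names assumed)
BENIGN_REQUEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<stockCheck><productId>1</productId><storeId>1</storeId></stockCheck>"""

# Constructed sample: the same body carrying an inline DTD that declares an
# external entity and references it inside a tag, the pattern the lab exploits
XXE_REQUEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<stockCheck><productId>&xxe;</productId><storeId>1</storeId></stockCheck>"""


class DtdFound(Exception):
    """Raised from an expat callback as soon as a DTD construct is seen."""


def has_doctype(data: bytes) -> bool:
    """Return True if the document declares a DOCTYPE or any entity.

    The check runs on the parser's declaration events, so whitespace,
    comments or odd casing in the declaration cannot hide it the way they
    might from a simple string match.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdFound()

    def on_entity(*decl):
        raise DtdFound()

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except DtdFound:
        return True
    except xml.parsers.expat.ExpatError:
        # Malformed XML carries no usable DTD; the real parse rejects it later
        return False
    return False


def parse_stock_check(data: bytes) -> dict:
    """Parse a stock-check body, refusing any document that carries a DTD.

    Only the two expected integer fields are read, so even a parser that
    did expand entities would have nowhere to echo file contents back.
    """
    if has_doctype(data):
        raise ValueError("rejected: DOCTYPE/ENTITY declarations are not allowed")
    root = ET.fromstring(data)
    if root.tag != "stockCheck":
        raise ValueError("unexpected root element %r" % root.tag)
    product = root.findtext("productId")
    store = root.findtext("storeId")
    if product is None or store is None or not (product.isdigit() and store.isdigit()):
        raise ValueError("productId and storeId must be integers")
    return {"productId": int(product), "storeId": int(store)}


def is_accepted(data: bytes) -> bool:
    """Convenience wrapper: True if the body passes validation, else False."""
    try:
        parse_stock_check(data)
        return True
    except (ValueError, ET.ParseError):
        return False


if __name__ == "__main__":
    print("benign:", is_accepted(BENIGN_REQUEST))   # True
    print("xxe:   ", is_accepted(XXE_REQUEST))      # False
```

Python's xml.etree does not expand external entities on its own, so the DTD check is defense in depth there; the same reject-any-DOCTYPE rule is what matters on parsers (Java's, PHP's, older libxml2 builds) whose defaults do resolve them, alongside disabling external entity and external DTD loading in the parser configuration itself.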

Lab

https://portswigger.net/web-security/xxe/lab-exploiting-xxe-to-retrieve-files

References

https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing