- What is XXE (XML external entity) injection? Tutorial Examples | Web . . .
In this section, we'll explain what XML external entity injection is, describe some common examples, explain how to find and exploit various kinds of XXE injection, and summarize how to prevent XXE injection attacks.
- What is a blind XXE attack? Tutorial Examples - PortSwigger
What is blind XXE? Blind XXE vulnerabilities arise where the application is vulnerable to XXE injection but does not return the values of any defined external entities within its responses. This means that direct retrieval of server-side files is not possible, and so blind XXE is generally harder to exploit than regular XXE vulnerabilities.
- Guide to XML entities with examples | Web Security Academy
In this section, we'll explain some key features of XML that are relevant to understanding XXE vulnerabilities. What is XML? XML stands for "extensible
- Testing for XXE injection vulnerabilities with Burp Suite
XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It occurs when user input that contains a reference to a defined external entity is processed in an unsafe way on the server side.
- Lab: Exploiting XXE to perform SSRF attacks - PortSwigger
This endpoint can be used to retrieve data about the instance, some of which might be sensitive. To solve the lab, exploit the XXE vulnerability to perform an SSRF attack that obtains the server's IAM secret access key from the EC2 metadata endpoint.
- Lab: Exploiting XXE via image file upload - PortSwigger
This lab lets users attach avatars to comments and uses the Apache Batik library to process avatar image files. To solve the lab, upload an image that displays the contents of the /etc/hostname file after processing. Then use the "Submit solution" button to submit the value of the server hostname.
- Lab: Exploiting XInclude to retrieve files | Web Security Academy
Because you don't control the entire XML document, you can't define a DTD to launch a classic XXE attack. To solve the lab, inject an XInclude statement to retrieve the contents of the /etc/passwd file.
- Lab: Exploiting XXE using external entities to retrieve files
APPRENTICE: This lab has a "Check stock" feature that parses XML input and returns any unexpected values in the response. To solve the lab, inject an XML external entity to retrieve the contents of the /etc/passwd file.