Introduction

In this video walkthrough, we covered XXE (XML External Entity) vulnerabilities and how to find them in a web application. The video uses the lab material from the TryHackMe XXE room.

An XML External Entity (XXE) attack is a vulnerability that abuses features of XML parsers and XML data. It often allows an attacker to interact with any backend or external system that the application itself can reach, and it can allow the attacker to read files on that system. It can also be used to cause a Denial of Service (DoS), or to perform Server-Side Request Forgery (SSRF) by inducing the web application to make requests to other applications. XXE may even enable port scanning and lead to remote code execution.

There are two types of XXE attacks: in-band and out-of-band (OOB-XXE).

1) In an in-band XXE attack, the attacker receives an immediate response to the XXE payload.

2) In an out-of-band XXE attack (also called blind XXE), there is no immediate response from the web application, and the attacker has to redirect the output of their XXE payload into some other file or to a server they control.
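The parser features described above (entity declarations in the DTD, external entities resolved by SYSTEM identifier) are what a defender has to switch off when accepting XML from users. The following is an added example, not code from the TryHackMe room or the video, showing a Python stdlib `xml.parsers.expat` parser configured to refuse entity declarations and external entity references instead of resolving them, and to report what it refused so the event can be logged. The two XML documents and the tag names are constructed sample input; the `UnsafeXML` exception and the function names are this example's own.

```python
"""Guarded parsing of untrusted XML with xml.parsers.expat (added example).

Policy: input from an untrusted source may not declare entities at all, and
any reference to an external entity is refused.  The DTD external subset and
parameter entities are never processed, so the parser never fetches anything.
"""
import xml.parsers.expat as expat


class UnsafeXML(Exception):
    """Raised when a document uses entity features this policy does not allow."""


def parse_untrusted(data: bytes) -> dict:
    """Parse XML from an untrusted source under the policy above.

    Returns {"root": <root tag>, "text": {tag: text}} for an accepted document.
    Raises UnsafeXML for any entity declaration or external entity reference.
    """
    parser = expat.ParserCreate()
    # Never load the external DTD subset or expand parameter entities.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    result = {"root": None, "text": {}}
    path = []  # element nesting, so character data is attributed to its tag

    def entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Any <!ENTITY ...> in the DOCTYPE is refused.  External ones (SYSTEM/
        # PUBLIC) are the XXE file-read / SSRF primitive; internal ones are the
        # building block for expansion-based DoS.
        kind = "external" if (system_id or public_id) else "internal"
        raise UnsafeXML(
            f"entity declaration refused: {name!r} ({kind}, system id {system_id!r})"
        )

    def external_ref(context, base, system_id, public_id):
        # Second line of defence: even if a declaration slipped through, the
        # parser must not resolve the reference.
        raise UnsafeXML(f"external entity reference refused: {system_id!r}")

    def start(tag, attrs):
        if result["root"] is None:
            result["root"] = tag
        path.append(tag)

    def end(tag):
        path.pop()

    def chars(text):
        # expat may deliver text in several chunks; concatenate per element
        if path and text.strip():
            result["text"][path[-1]] = result["text"].get(path[-1], "") + text

    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = external_ref
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars

    # An exception raised inside a handler aborts parsing and propagates here.
    parser.Parse(data, True)
    return result


def check(data: bytes) -> str:
    """Convenience wrapper: 'accepted' or 'refused: <reason>' for logging."""
    try:
        parse_untrusted(data)
    except UnsafeXML as exc:
        return f"refused: {exc}"
    return "accepted"


# Constructed sample input: a benign login document ...
CLEAN_DOC = (
    b'<?xml version="1.0"?>'
    b"<login><user>falcon</user><note>hello</note></login>"
)

# ... and one carrying the classic in-band XXE shape the room discusses: an
# external entity whose SYSTEM identifier points at a local file.
XXE_DOC = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE login [<!ENTITY ext SYSTEM "file:///etc/passwd">]>'
    b"<login><user>&ext;</user></login>"
)

if __name__ == "__main__":
    print(check(CLEAN_DOC))  # accepted
    print(check(XXE_DOC))    # refused: entity declaration refused: 'ext' (external, ...)
```

In a real service the `refused:` string is what you would write to the application log (with the source address), since a SYSTEM entity in user-supplied XML is a high-fidelity indicator of an XXE attempt and almost never appears in legitimate traffic. The same policy is available in other parsers as "disable DTDs / disallow DOCTYPE"; disabling the DOCTYPE entirely is the simplest setting when the application does not need one.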


Skills Learned

  • XML
  • XXE

Room Answers

Full form of XML

Is XML case sensitive?

Is it compulsory to have XML prolog in XML documents?

Can we validate XML documents against a schema?

How can we specify XML version and encoding in XML document?

With what extension do you save a DTD file?

How do you define a new ELEMENT?

How do you define a ROOT element?

How do you define a new ENTITY?

What is the name of the user in /etc/passwd?

Where is falcon’s SSH key located?

What are the first 18 characters for falcon’s private key?

Video Walk-Through