
Identifying

Identify vulnerability

The first step is to find web pages that accept XML user input (e.g. a contact form). Suppose the web application uses outdated XML libraries and applies no filtering or sanitization to our XML input.

In order to get data printed back on the web page, we first need to identify which elements the web application actually displays.

Put the payload directly after the XML declaration:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE email [
  <!ENTITY file "Inlane Freight">
]>
<root>
<name>&file;</name>
<details>test event</details>
<date>3434-03-04</date>
</root>

Define a new entity:

<!DOCTYPE email [
<!ENTITY company "Inlane Freight">
]>

Then reference it (here &company;) inside one of the displayed elements, as done with &file; in the <name> element above.

If the defined entity's value is displayed on the web page, this confirms that we can inject XML code.

We added a new DTD before defining our entity because the XML input in the HTTP request had no DTD declared within the XML data itself or referenced externally.
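As an added example (not part of these notes), a stdlib-only Python check in the spirit of defusedxml: it scans untrusted input with expat, refuses any DOCTYPE or ENTITY declaration before the real parse, and shows beside it that a plain ElementTree parse would echo the probe's entity value back into the page. The function names and the two sample documents are constructed for this example.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat

class ForbiddenDTD(ValueError):
    """Untrusted XML carried a DOCTYPE or entity declaration."""

def _reject_doctype(name, sysid, pubid, has_internal_subset):
    raise ForbiddenDTD(f"DOCTYPE {name!r} not allowed in untrusted input")

def _reject_entity(name, is_param, value, base, sysid, pubid, notation):
    raise ForbiddenDTD(f"entity {name!r} declared in untrusted input")

def has_dtd(data: bytes) -> bool:
    """True if the document declares a DOCTYPE or any entity; expat fires the
    handler at the declaration itself, before any entity could be expanded."""
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _reject_doctype
    parser.EntityDeclHandler = _reject_entity
    try:
        parser.Parse(data, True)
    except ForbiddenDTD:
        return True
    except expat.ExpatError:
        return False  # malformed but DTD-free: let the real parser report it
    return False

def unsafe_name(data: bytes) -> str:
    """Plain ElementTree parse: internal entities are expanded, so the
    probe's entity value is reflected wherever <name> is displayed."""
    return ET.fromstring(data).findtext("name")

def safe_name(data: bytes) -> str:
    """Hardened parse: refuse any DTD first, then parse normally."""
    if has_dtd(data):
        raise ForbiddenDTD("DOCTYPE/ENTITY declarations are rejected")
    return ET.fromstring(data).findtext("name")

def accepted(data: bytes) -> bool:
    """Does the hardened parser accept this input?"""
    try:
        safe_name(data)
        return True
    except ForbiddenDTD:
        return False

# Constructed samples: the probe from the notes above and a benign request.
PROBE = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
         b'<!DOCTYPE email [ <!ENTITY file "Inlane Freight"> ]>\n'
         b'<root><name>&file;</name><details>test event</details></root>')
BENIGN = b'<root><name>Alice</name><details>test event</details></root>'
```

Rejecting the DTD outright is the simplest mitigation when the application never needs one; it stops the reflected probe and the external-entity and expansion variants in the same place.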

Some web applications use JSON in the HTTP request but still accept other formats, including XML. We can change the Content-Type header to application/xml and convert the JSON body to XML with an online tool.
