XML External Entity (XXE) attack: a vulnerability that abuses features of XML parsers/data
- allows an attacker to interact with any backend or external system that the application itself can access
- can allow the attacker to access files on that system
- can cause a DoS (Denial of Service) attack
- can perform Server-Side Request Forgery (SSRF)
- can enable port scanning
- can lead to RCE
Two types:
- In-band XXE attack: attacker can receive an immediate response to the XXE payload
- Out-of-band XXE attack: attacker has to reflect the output of their XXE payload to some other file or their own server
XML: eXtensible Markup Language - markup language that defines a set of rules for encoding documents in a format that is both human and machine readable
- markup language for storing and transporting data
- platform independent
- programming language independent (can be used by any system)
- data stored and transported can change at any point without affecting the data presentation
- allows validation using DTD and Schema, which ensures that the XML document is free from syntax errors
- simplified data sharing between various systems
Syntax:
- XML prolog: version and encoding

DTD: Document Type Definition
- defines the structure and the legal elements and attributes of an XML doc
- .dtd file
- define a new element: !ELEMENT
- define a new ENTITY: !ENTITY
XXE PAYLOAD
- replace entity: eg
- read file from the system by defining an entity: eg
- new ENTITY defined
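Added defender-side example (not part of these notes): a Python wrapper around the standard-library expat parser that refuses the DTD constructs listed above (DOCTYPE, !ENTITY declarations, external entity references) before the parser can fetch any file or URL. `parse_without_entities`, `check_xml`, `UnsafeXml` and the two sample documents are constructed for this example; the payload sample only shows the shape of a file-reading entity and uses a placeholder path.

```python
"""Hardened XML intake: reject the DTD/entity constructs XXE payloads depend on."""
import xml.parsers.expat

class UnsafeXml(ValueError):
    """Document declares a DOCTYPE or entity, or references an external entity."""

def parse_without_entities(xml_bytes: bytes, allow_doctype: bool = False) -> dict:
    """Parse with expat, refusing every DTD feature an XXE payload relies on.
    Returns {"root", "elements"} when accepted, raises UnsafeXml otherwise; with
    allow_doctype=True a bare <!DOCTYPE> passes but entities are still rejected."""
    parser = xml.parsers.expat.ParserCreate()
    summary = {"root": None, "elements": 0}

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if not allow_doctype:  # <!DOCTYPE ...> is where <!ENTITY ...> definitions live
            raise UnsafeXml(f"DOCTYPE {name!r} not allowed")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # SYSTEM/PUBLIC entities pull in files or URLs (in-band or out-of-band XXE);
        # internal entities are refused too, since nested ones enable expansion DoS
        kind = "external" if (system_id or public_id) else "internal"
        raise UnsafeXml(f"{kind} entity {name!r} declared")

    def on_external_ref(context, base, system_id, public_id):
        raise UnsafeXml(f"external entity reference to {system_id!r}")  # never fetch

    def on_start(tag, attrs):
        summary["root"] = summary["root"] or tag
        summary["elements"] += 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = on_start
    parser.Parse(xml_bytes, True)
    return summary

def check_xml(xml_bytes: bytes, allow_doctype: bool = False) -> tuple:
    """(True, summary) when the document is accepted, (False, reason) when rejected."""
    try:
        return True, parse_without_entities(xml_bytes, allow_doctype)
    except (UnsafeXml, xml.parsers.expat.ExpatError) as exc:
        return False, str(exc)

# Constructed samples: a benign order, and the shape of a file-reading XXE
# payload with a placeholder target (not a real path).
BENIGN = b'<?xml version="1.0"?><order><item>widget</item><qty>2</qty></order>'
XXE_SHAPE = (b'<?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM '
             b'"file:///constructed/example.txt">]><order><item>&xxe;</item></order>')
```

The default policy (no DOCTYPE at all) is the simplest to reason about; `allow_doctype=True` shows the second layer that still blocks the entity declaration itself.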