Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

XXE in IBM's MAAS360- 119

NetSPI, posted 6 years ago
  • XML is a markup language that can be used to transfer data. An XML document can have a special section called a Document Type Definition (DTD). By referencing a malicious DTD remotely, an attacker can inject content into the XML document through an external XML entity (XXE). This article has a really good explanation of the XXE vulnerability.
  • The author went after a standard XXE vulnerability in several file parsers, but had no luck.
  • Eventually, he saw a field that appeared to take some parameters and inject them into an XML document. By creating a DTD inside of this field, he was in business!
  • He tested this by setting up a Burp Collaborator session. Once a ping came back to the session, he knew that there was an XXE vulnerability.
  • Actual exploitation can be difficult when the vulnerability is out-of-band (the parser's response is never shown to the user, so the only signal is the callback), but the author uses a pretty standard exploitation mechanism for this.