raye~

Raye's Journey


XXE Vulnerability Analysis and Practical Application

Common Payload Analysis

It seems like everyone is using this test code:

Using XML to send data:

But when I tried using parameter entities, it seems that I couldn't carry data:

Nested entities also don't work:

The most commonly used method for carrying data:

Prepare two files on your own VPS; I did the experiment on my local machine.

Open a web service on port 8001 on your local machine.


The content of the local.xml file:

This file reads the data and then sends it to another port, 8887. We then send the data to the victim's server:

Then you can receive the data on port 8887


Another payload also works

DTD file

Payload sent

Error XXE

p actually mentioned this method a long time ago: you can trigger an error through three levels of nested XML.

XXE Probe Intranet

Case Analysis

NetDing Cup 2020 fileJava

The vulnerability used is CVE-2014-3529.

Reproduction code

pom.xml

Exploitation process:

Prepare an Excel file:


Prepare the DTD file

It will read the file and then send it to port 8887


Get the flag by listening

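A defensive counterpart to the Excel-plus-DTD case above, as an added example that is not part of the original post: a Python pre-parse check that flags any part of an uploaded .xlsx that declares a DTD or entity before the file reaches an XML parser. The function names, the sample documents and the placeholder URL are all constructed for this illustration.

```python
import codecs
import io
import re
import zipfile

# A legitimate OOXML part never needs a DTD, so any declaration is a finding.
DTD_MARKER = re.compile(r"<!(DOCTYPE|ENTITY)")

def decode_part(raw):
    """Decode a part the way an XML parser sniffs it, so a UTF-16
    encoded DOCTYPE cannot slip past a plain byte search."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16", "replace")
    if raw[:2] == b"<\x00":
        return raw.decode("utf-16-le", "replace")
    if raw[:2] == b"\x00<":
        return raw.decode("utf-16-be", "replace")
    return raw.decode("utf-8", "replace")  # also covers a UTF-8 BOM

def find_dtd_parts(xlsx_bytes):
    """Return the names of archive members that declare a DTD or entity."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        # infolist() visits every member, including duplicate names.
        for info in zf.infolist():
            if DTD_MARKER.search(decode_part(zf.read(info))):
                flagged.append(info.filename)
    return flagged

# --- constructed sample input (not taken from the original post) ---
CLEAN_DOC = '<?xml version="1.0"?><Types/>'
DTD_DOC = ('<?xml version="1.0"?>'
           '<!DOCTYPE Types SYSTEM "http://dtd.example.invalid/placeholder.dtd">'
           '<Types/>')

def make_xlsx(content_types):
    """Build a minimal in-memory archive with the given [Content_Types].xml."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("xl/workbook.xml", b"<workbook/>")
    return buf.getvalue()

if __name__ == "__main__":
    for label, doc in [("clean", CLEAN_DOC.encode()),
                       ("utf-8 DTD", DTD_DOC.encode()),
                       ("utf-16 DTD", DTD_DOC.encode("utf-16"))]:
        print(label, "->", find_dtd_parts(make_xlsx(doc)))
```

This is a pre-filter only: encodings other than UTF-8 and UTF-16 are not covered, and the durable fix is to disable DTD processing in the parser and keep the parsing library patched.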

References

This YouTube video explains it well: https://youtu.be/gjm6VHZa_8s?si=rMGJmuSI9XJNtt_S
