XXE Injection Attacks – XML External Entity Vulnerability With Examples



XXE Injection attacks, or XML External Entity vulnerabilities, are a specific type of Server-Side Request Forgery (SSRF) attack that abuses features built into XML parsers.


The features these attacks target are widely available but rarely used. When triggered, they can cause a DoS (Denial of Service) and, in some cases, far more serious escalation: extraction of sensitive data or, in the worst case, RCE (Remote Code Execution).

What is XML

In computing, Extensible Markup Language (XML) is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.

From: https://en.wikipedia.org/wiki/XML

JSON has replaced it in many modern APIs, but plenty of applications still use XML and/or embed XML parsers, so it’s worth being aware of XXE as an attack vector.

XML parsers validate data in two main ways; XXE falls within the DTD (Document Type Definition) method, since entity declarations live in the DTD.

What is an XXE Attack

The catch is that XML entities can be defined anywhere, including externally. This is where XXE comes in: an attacker can abuse external entities to make the parser read local files or fetch URLs and, if they know the structure of your web application, return the contents of those files in the response.

It’s also worth mentioning that with some XML parsers it is even possible to get directory listings in addition to the contents of a file.

XXE Attack Example

An example would look like this:

Request

Response

Obviously this is a simple example, but it could be used to echo /etc/passwd, get secrets from source code repos or execute malicious code (like a web shell) if the attacker has managed to upload something.
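The most reliable mitigation is to refuse any document that carries a DTD at all, since an external entity can only be declared inside a DOCTYPE. The following is an added example (not code from the original post) using only Python's standard-library expat binding: a cheap pre-parse triage check a WAF rule or log pipeline could use, plus a parser that aborts the moment a DOCTYPE, entity declaration or external entity reference appears. The sample documents and the function and class names are constructed for this illustration.

```python
"""Hardened XML ingestion: reject any document that declares a DTD.

Added example, not code from the original post. Standard library only.
"""
import re
import xml.parsers.expat as expat


class DtdRejected(ValueError):
    """Raised when a document contains a DOCTYPE or entity declaration."""


# Triage check for request logs / WAF rules: does the body declare a DTD or
# an entity at all? Case-insensitive so sloppy variants are still flagged.
_DTD_RE = re.compile(rb"<!DOCTYPE|<!ENTITY|SYSTEM\s+[\"']|PUBLIC\s+[\"']", re.I)


def looks_like_dtd(body: bytes) -> bool:
    """True if the raw body contains DTD / entity keywords (pre-parse check)."""
    return _DTD_RE.search(body) is not None


def safe_parse(body: bytes) -> dict:
    """Parse `body` with expat, aborting on any DOCTYPE, entity declaration
    or external entity reference. Returns a small {tag: text} map of the
    leaf elements, which is enough to show that normal documents still parse."""
    parser = expat.ParserCreate()
    result = {}
    stack = []  # one text buffer per open element

    def start_doctype(name, sysid, pubid, has_internal_subset):
        # Fires at '<!DOCTYPE ...' before the internal subset is read,
        # so an <!ENTITY ... SYSTEM ...> inside it is never processed.
        raise DtdRejected(f"DOCTYPE '{name}' not allowed")

    def entity_decl(*args):
        raise DtdRejected("entity declaration not allowed")

    def external_entity_ref(context, base, sysid, pubid):
        # Belt and braces: never fetch an external entity, even if reached.
        raise DtdRejected(f"external entity fetch blocked: {sysid}")

    def start_element(name, attrs):
        stack.append([])

    def char_data(data):
        stack[-1].append(data)

    def end_element(name):
        text = "".join(stack.pop()).strip()
        if text:
            result[name] = text

    parser.StartDoctypeDeclHandler = start_doctype
    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = external_entity_ref
    parser.StartElementHandler = start_element
    parser.CharacterDataHandler = char_data
    parser.EndElementHandler = end_element

    parser.Parse(body, True)  # exceptions raised in handlers propagate here
    return result


def is_rejected(body: bytes) -> bool:
    """Convenience wrapper: True if safe_parse refuses the document."""
    try:
        safe_parse(body)
    except DtdRejected:
        return True
    return False


# Constructed sample inputs (not captured traffic).
BENIGN_SAMPLE = b'<?xml version="1.0"?><user><name>alice</name><role>viewer</role></user>'
# Shape of the classic file-read payload described above, used only as a test input.
XXE_SAMPLE = (b'<?xml version="1.0"?>'
              b'<!DOCTYPE user [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
              b'<user><name>&xxe;</name></user>')
# Internal-entity-only DTD (the billion-laughs family); rejected for the same reason.
INTERNAL_DTD_SAMPLE = b'<!DOCTYPE x [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;">]><x>&b;</x>'


if __name__ == "__main__":
    for label, sample in [("benign", BENIGN_SAMPLE), ("xxe", XXE_SAMPLE),
                          ("internal-dtd", INTERNAL_DTD_SAMPLE)]:
        print(label, "triage:", looks_like_dtd(sample), "rejected:", is_rejected(sample))
```

Rejecting the DOCTYPE rather than trying to filter individual entity declarations keeps the policy simple and closes the file-read, SSRF and entity-expansion variants with one check; the regex triage is only a first-pass signal for detection, the parser-level handler is the control.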

You can find out more, in much more depth, here:

Part 1 – What is XML External Entity (XXE)?
Part 2 – XML External Entity (XXE) limitations
Part 3 – Out-of-band XML External Entity (OOB-XXE)
