XXE

uploading modified data

XML data discovered

Good reference machine: bountyhunter.htb

more at apt-secure.ca

  • While following the traffic through the proxy in Burp Suite, you discover a "data=" parameter

  • this data is in base64; go to tools, you need to "decode" it into human-readable form.

  • we need to build a payload

  • example xml output of data from website (Decoded)

  • here is an XXE payload list

  • here is a page with examples

  • more examples

  • look through the list and determine what your end goal is.

    • Available options

      • LFI

      • Blind LFI

      • DOS

      • File Disclosure

      • Access Control Bypass

      • Server Side Request Forgery

      • Remote Attack

  • These payloads need to be modified to fit your particular target

  • edit the payload so that it reflects the existing structure of the XML

  • during directory enumeration, were there any obvious databases?

    • Examples

      • db.php

  • Demonstrating
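
Seen from the defending side, the fix for the base64 "data=" flow described above is to decode the value and refuse any document that carries a DOCTYPE before it reaches application logic. This is an added example, not part of the original notes or the target application; `parse_data_param`, `UnsafeXML`, `is_rejected` and the sample element names are assumptions.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import unquote
from xml.parsers import expat


class UnsafeXML(ValueError):
    """Raised when the submitted document must not be parsed."""


def _forbid(kind):
    def handler(*_args):
        raise UnsafeXML(f"{kind} declaration not allowed")
    return handler


def parse_data_param(value):
    """Decode a URL-encoded base64 `data=` value and parse it with DTDs refused."""
    try:
        raw = base64.b64decode(unquote(value), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise UnsafeXML("data is not valid base64") from exc
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()
    # XXE needs a DOCTYPE; refusing it outright removes entity expansion entirely.
    parser.StartDoctypeDeclHandler = _forbid("DOCTYPE")
    parser.EntityDeclHandler = _forbid("ENTITY")
    parser.ExternalEntityRefHandler = _forbid("external entity")
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    try:
        parser.Parse(raw, True)
    except expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from exc
    return builder.close()


def is_rejected(value):
    try:
        parse_data_param(value)
    except UnsafeXML:
        return True
    return False

# Constructed samples (hypothetical element names, not the target's real schema).
SAMPLE_OK = base64.b64encode(b"<report><title>test</title></report>").decode()
_DTD_DOC = b'<!DOCTYPE report [<!ENTITY e "x">]><report><title>&e;</title></report>'
SAMPLE_DTD = base64.b64encode(_DTD_DOC).decode()
```

Rejections raised here are worth logging: a DOCTYPE inside a field that normally carries plain element data is a strong signal of XXE probing.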