Exploiting XXE using external entities to retrieve files
https://portswigger.net/web-security/xxe/lab-exploiting-xxe-to-retrieve-files
Last updated
https://portswigger.net/web-security/xxe/lab-exploiting-xxe-to-retrieve-files
Last updated
Let's check the stock of one of the products.
Since we are proxying the requests through Burp Suite, we can go to Proxy > HTTP History
to view the request.
We can see that the request contains an XML entity.
Let's forward this request to the Repeater
for further modification.
Once in the Repeater
tab, declare the following internal entity after the XML prologue:
And reference the entity within the <productId>
tag as follows:
The response includes out test
entity. This tells us that the application is vulnerable to XXE injection.
Now, in place of the internal entity, declare the following entity:
We have solved the lab.