O'Reilly logo

Mastering Modern Web Penetration Testing by Prakhar Prasad

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

XXE attack

An XXE attack is based on the concept of external entities in XML. We can utilize the URI portion of external entities to do nasty things such as reading files, exfiltration of data, server-side request forgery, or even executing arbitrary code.

Note

In some of the following examples I have purposely enabled a few features such as the external entity loader, URL fopen, and the expect module of PHP for the sake of demonstration. These come disabled in a default installation of PHP.

Keep in mind that an XXE attack affects other server-side scripting platforms such as JSP, ASP, and so on; so some features which are disabled in PHP by default may work out of the box on other platforms.

Consider the following XML parsing code in PHP:

<?php $xml ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required