XML-External-Entity

XXE: Basic XML Example

<?xml version="1.0" encoding="utf-8"?>
<userInfo>
  <firstName>Rahul</firstName>
  <lastName>Jain</lastName>
</userInfo>

XXE: Entity Example

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE replace [
<!ENTITY test "Doe"> ]>
<userInfo>
  <firstName>Rahul</firstName>
  <lastName>&test;</lastName>
</userInfo>
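
Added example (not part of the original page): how a default parser treats the entity document above, and a parse wrapper that refuses any DOCTYPE in untrusted input. It uses only the Python standard library; the names default_last_name, safe_parse and DTDForbidden are hypothetical helpers chosen for this illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# The two documents shown on this page, embedded inline.
BASIC_DOC = b"""<?xml version="1.0" encoding="utf-8"?>
<userInfo>
  <firstName>Rahul</firstName>
  <lastName>Jain</lastName>
</userInfo>"""

ENTITY_DOC = b"""<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE replace [
<!ENTITY test "Doe"> ]>
<userInfo>
  <firstName>Rahul</firstName>
  <lastName>&test;</lastName>
</userInfo>"""


class DTDForbidden(ValueError):
    """Raised when untrusted XML carries a DOCTYPE declaration."""


def default_last_name(doc: bytes) -> str:
    # Default ElementTree parsing: the internal entity &test; is expanded
    # silently, so the application never sees that a DTD was involved.
    return ET.fromstring(doc).findtext("lastName")


def safe_parse(doc: bytes) -> ET.Element:
    """Parse untrusted XML, refusing any document that declares a DTD."""
    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise DTDForbidden(f"DOCTYPE {name!r} not allowed in untrusted input")

    # Pre-scan with expat: the DOCTYPE handler fires before any entity
    # declaration is read, so nothing from the DTD is ever resolved.
    scanner = expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = reject_doctype
    scanner.Parse(doc, True)
    return ET.fromstring(doc)
```

Rejecting the DOCTYPE outright removes the entity mechanism that every later section on this page depends on, which is why it is the usual default for parsers that handle untrusted XML.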

XXE: File Disclosure Example


XXE: Local File Inclusion Example


XXE: Server Side Request Forgery Example


XXE: Payload Using DTD File

&#x25; and &#37; are the hexadecimal and decimal character references for the percent sign (%).

To Call This File


XXE: Exploit Using SVG Image


XXE: Exploit Using SVG Image (Out Of Band Method)

