XXE

Introduction

eXtensible Markup Language



DTD


XXE Payload

Exploiting

Lets start burp and visit the webpage

Now lets try to display our name on the page

The payload works, now lets try reading the /etc/passwd file

We can read it

Now lets try to read the user falcon's id_rsa file, which is also his private key

We can look at it better in the source code


Last updated
Was this helpful?