title: "Web Security - XXE Vulnerability"
date: 2021-12-14T16:49:50+08:00
lastmod: 2021-12-14T16:49:50+08:00
categories: [Web Security]
tags: [Web Security]
summary: "XML External Entity Injection (XXE) vulnerability"
1. Background Knowledge
XML (Extensible Markup Language) is used to mark up electronic documents with structural tags. It can be used to mark up data and to define data types, and it is a meta-language that lets users define their own markup languages. An XML document consists of the XML declaration, an optional DTD (Document Type Definition), and the document elements.
XML is commonly used in Asynchronous JavaScript and XML (Ajax): a web application can render incremental updates to the user interface without reloading the entire page. Today JSON is used more often than XML as the data format in Ajax, but both formats are still in use. As a markup language, XML lets developers define their own markup to represent arbitrary data structures.
The common syntax of XML entity declarations is as follows:
Internal entity declaration format: <!ENTITY entity_name "entity_value">
External entity reference format: <!ENTITY entity_name SYSTEM "URI">
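The following is an added example (not part of the original post) that assembles the three parts named above, XML declaration, internal DTD subset and document element, into two constructed documents: one declaring an internal entity and one declaring an external entity with a placeholder URI. It parses both with Python's standard-library ElementTree (backed by expat) to show how an internal entity reference is substituted, and that this particular parser does not resolve external entities and instead reports the reference as an undefined entity. The element names and entity names are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: XML declaration, internal DTD subset declaring one
# internal entity, and a document element that references it.
INTERNAL_ENTITY_DOC = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE order [
  <!ENTITY vendor "ACME Corp">
]>
<order>
  <supplier>&vendor;</supplier>
</order>"""

# Same shape, but the entity is external: SYSTEM "URI" tells a resolving
# parser to fetch the entity's value from that URI (placeholder path here).
EXTERNAL_ENTITY_DOC = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE order [
  <!ENTITY vendor SYSTEM "file:///PLACEHOLDER/path">
]>
<order>
  <supplier>&vendor;</supplier>
</order>"""


def expand_supplier(doc: str):
    """Parse the document and report what <supplier> contains after the
    parser has processed the entity reference.

    Returns ("expanded", text) when the reference was substituted, or
    ("rejected", message) when the parser refused to resolve it.
    """
    try:
        root = ET.fromstring(doc)
    except ET.ParseError as exc:
        # expat (as driven by ElementTree) has no external entity resolver,
        # so a reference to an external entity surfaces as a ParseError.
        return ("rejected", str(exc))
    return ("expanded", root.findtext("supplier"))


if __name__ == "__main__":
    print(expand_supplier(INTERNAL_ENTITY_DOC))   # ("expanded", "ACME Corp")
    print(expand_supplier(EXTERNAL_ENTITY_DOC))   # ("rejected", "undefined entity ...")
```

The outcome depends on the parser: the Python standard-library parser happens to leave external entities unresolved, whereas libxml2-based parsers (for example PHP's DOMDocument or Python's lxml with default settings) do resolve `SYSTEM` entities, which is the behaviour the rest of this post is about.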
2. Vulnerability Description
XML External Entity Injection (XXE) vulnerability
Vulnerability principle:
The XXE vulnerability is mainly caused by references to external entities declared in the DTD.
It occurs when the site's XML parser allows external entities to be referenced and resolves them.
3. XXE Vulnerability Exploitation
3.1 With Echo
- Reading sensitive files
- Reading files using PHP pseudo-protocols
- Scanning internal network ports
- Executing commands
3.2 Without Echo
- Data extraction using out-of-band channels
4. XXE Vulnerability Defense
- Disable external entity methods
- Filter XML data submitted by users
- Upgrade libxml components
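As an added example of the first two defenses (not code from the original post), the function below parses XML from an untrusted source with Python's expat bindings and refuses the constructs XXE depends on at the parser level rather than by string filtering: by default any DOCTYPE is rejected, and in the relaxed mode that permits internal entities, external (SYSTEM/PUBLIC) and parameter entity declarations are still rejected and expat is told to abort if it ever tries to load an external entity. The exception class, function names and the sample documents are constructed for this example.

```python
import xml.parsers.expat as expat


class ForbiddenXmlConstruct(ValueError):
    """Raised when untrusted XML contains a construct this parser refuses."""


def parse_untrusted_xml(data: bytes, allow_internal_entities: bool = False) -> dict:
    """Parse XML from an untrusted source into a minimal tree of dicts
    ({"tag", "attrs", "text", "children"}) while refusing XXE constructs.

    allow_internal_entities=False (default): any DOCTYPE is rejected, so no
    entity of any kind can be declared.
    allow_internal_entities=True: a DTD may declare internal entities only;
    external DTD subsets, external entities and parameter entities are rejected.
    """
    parser = expat.ParserCreate()
    stack = [{"tag": None, "attrs": {}, "text": "", "children": []}]

    def on_doctype(name, sysid, pubid, has_internal_subset):
        if not allow_internal_entities:
            raise ForbiddenXmlConstruct(f"DOCTYPE {name!r} is not allowed")
        if sysid is not None or pubid is not None:
            raise ForbiddenXmlConstruct("external DTD subsets are not allowed")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        # expat passes value=None exactly when the entity is external.
        if is_param or value is None:
            raise ForbiddenXmlConstruct(
                f"external or parameter entity {name!r} is not allowed")

    def on_external_entity_ref(context, base, sysid, pubid):
        # Defence in depth: returning 0 makes expat abort with an error
        # instead of fetching the URI, even if a declaration slipped through.
        return 0

    def on_start(tag, attrs):
        node = {"tag": tag, "attrs": attrs, "text": "", "children": []}
        stack[-1]["children"].append(node)
        stack.append(node)

    def on_end(tag):
        stack.pop()

    def on_text(text):
        stack[-1]["text"] += text

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_entity_ref
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = on_text

    parser.Parse(data, True)  # exceptions raised in handlers propagate here
    return stack[0]["children"][0]


def is_rejected(data: bytes, **kwargs) -> bool:
    """Helper for callers/tests: True if the document is refused as unsafe."""
    try:
        parse_untrusted_xml(data, **kwargs)
    except ForbiddenXmlConstruct:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: a plain document and one declaring an external entity.
    print(parse_untrusted_xml(b"<order><id>42</id></order>"))
    print(is_rejected(b'<!DOCTYPE r [<!ENTITY e SYSTEM "file:///PLACEHOLDER">]><r>&e;</r>'))
```

For libxml2-based stacks the equivalent is a parser configuration rather than custom handlers: in lxml, `etree.XMLParser(resolve_entities=False, no_network=True, load_dtd=False)`; in PHP, keeping entity loading disabled for DOMDocument and SimpleXML. Rejecting the DOCTYPE outright is the simplest rule when the application never needs a DTD, and it also removes entity-expansion denial-of-service inputs along with XXE.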
Finally, a video walkthrough with accompanying text helps in understanding XXE vulnerabilities (watching it requires a VPN).