Portswigger Academy XML external entity (XXE) injection Labs

Introduction

What?

XML external entity attacks (XXEs) are fascinating vulnerabilities that target the XML parsers of an application.

Why?

XXEs can be very impactful bugs, as they can lead to confidential information disclosure, SSRFs, and DoS attacks. But they are also difficult to understand and exploit.

How?

• XML external entity (XXE) injection techniques

• Exploiting XXE using external entities to retrieve files

• Exploiting XXE to perform SSRF attacks

• Blind XXE with out-of-band interaction

• Blind XXE with out-of-band interaction via XML parameter entities

• Exploiting blind XXE to exfiltrate data using a malicious external DTD

• Exploiting blind XXE to retrieve data via error messages

• Exploiting XInclude to retrieve files

• Exploiting XXE via image file upload

• Exploiting XXE to retrieve data by repurposing a local DTD