11.4 Lab: Blind XXE with out-of-band interaction via XML parameter entities | 2024
2024-3-4 13:35:38 Author: infosecwriteups.com(查看原文) 阅读量:12 收藏

This lab has a “Check stock” feature that parses XML input, but does not display any unexpected values, and blocks requests containing regular external entities. To solve the lab, use a parameter entity to make the XML parser issue a DNS lookup and HTTP request to Burp Collaborator | Karthikeyan Nagaraj

Karthikeyan Nagaraj

InfoSec Write-ups

This lab has a “Check stock” feature that parses XML input, but does not display any unexpected values, and blocks requests containing regular external entities.

To solve the lab, use a parameter entity to make the XML parser issue a DNS lookup and HTTP request to Burp Collaborator.

  1. Visit a product page, click “Check stock” and intercept the resulting POST request in Burp Suite.
  2. Insert the following external entity definition in between the XML declaration and the stockCheck element.
  3. Right-click and select “Insert Collaborator payload” to insert a Burp Collaborator subdomain where indicated:

4. Go to the Collaborator tab, and click “Poll now”. If you don’t see any interactions listed, wait a few seconds and try again.

5. You should see some DNS and HTTP interactions that were initiated by the application as a result of your payload. Then the Lab will be solved.


文章来源: https://infosecwriteups.com/11-4-lab-blind-xxe-with-out-of-band-interaction-via-xml-parameter-entities-2024-14fbb40ba2f0?source=rss----7b722bfd1b8d--bug_bounty
如有侵权请联系:admin#unsafe.sh