You have not logged in. Access is limited, Please login to get full Access

XML External Entity (XXE)

XML External Entity (XXE) is a type of attack that exploits vulnerabilities in XML parsers. It occurs when an application processes XML input that includes a reference to an external entity. By exploiting this, attackers can access sensitive files, perform server-side request forgery (SSRF), or execute denial-of-service (DoS) attacks. XXE typically targets misconfigured or outdated parsers that allow external entity resolution, posing a significant threat to data confidentiality and system integrity.

Task 1 XXE Explorer

Scenario:
Craw.in, a cutting-edge data analytics company, has recently launched a new service for processing XML data uploaded by clients. Their internal security team (that's you!) has identified a potential vulnerability in the XML parsing logic. You need to exploit it to prove the risk. The target server is running a simple web application. You can interact with it through the provided web interface.

Challenge Overview:
You'll be interacting with a web application that allows uploading XML files. Your goal is to exploit an XXE vulnerability to read sensitive information from the server's file system. Remember, all answers must be a single word.

Answer The Questions

Scenario 1.
You upload an XML file, and the server returns an error. It seems like the server is checking if the XML is well-formed. You need to create a minimal valid XML document to bypass this check.
Question
What is the basic XML declaration needed to make the server happy? (Start with "<" and ends with ">")

Scenario 2.
Now the server accepts your XML file. You need to define an external entity. The entity name will be "xxe". The file location is not important now.
Question:
What XML element defines an entity?

Scenario 3.
You've defined an entity, but nothing happens. You need to actually use the entity in your XML document. It is good to define system entity
Question:
How do you reference the entity "xxe" in your XML? (e.g., similar to &something;)

Scenario 4.
Now it's time to read local files. You will attempt to read /etc/passwd.
Question:
What should be in the SYSTEM definition of the entity to read a local file? (Give the full system name with path)

Scenario 5.
You successfully read the contents of /etc/passwd. It seems the application doesn't display the full content of the file. You need to target another file that is shorter and potentially more revealing. Your next target is /etc/hostname.
Question:
Which file do you need to specify in the System name to read the hostname?

Scenario 6.
You successfully read /etc/hostname. You decide to read files in /var/log folder. The server return "file not found" message, the folder access is restrited.
Question:
which command to use to access the local resource?

Scenario 7.
Now you want to try reading an application configuration file that might contain database credentials or API keys. Assume there's a configuration file at /opt/craw.in/config.ini.
Question:
what is the name of the folder in system name to try read the application configuration file?

Scenario 8.
Craw.in has a legacy system where internal IP addresses are sometimes stored in a specific file. You suspect this file is located at /opt/internal_ips.txt.
Question:
What is the IP address for /opt/internal_ips.txt file?

XML External Entity (XXE)

Task 1 XXE Explorer

Email Verification Required

Admin Panel