1. Prerequisite Knowledge
XML is a markup language used to give electronic documents structure. It can be used to mark up data and define data types, and it is a source language that allows users to define their own markup languages. An XML document consists of an XML declaration, an optional DTD (document type definition), and the document elements.
XML is usually encountered through Asynchronous JavaScript and XML (Ajax) technology, with which web applications can quickly render incremental updates in the user interface without reloading the entire page. JSON is currently more common than XML, although both are used as data formats in the Ajax model. This markup language allows developers to define and represent any data structure.
The common XML syntax structure is as follows:
Internal entity declaration format: <!ENTITY entity name "entity value">
External entity reference format: <!ENTITY entity name SYSTEM "URI">
2. Vulnerability Description
XML External Entity (XXE) Vulnerability
Vulnerability principle:
An XXE vulnerability is mainly caused by using a DTD to reference external entities.
It generally occurs when the current site allows external entities to be referenced.
3. Attacks of XXE Vulnerability
3.1 With Echo
- Read sensitive files
- Use PHP pseudo-protocol to read files
- Scan internal network ports
- Execute commands
3.2 Without Echo
- Data extraction can be done using out-of-band data channels
4. Defense against XXE Vulnerability
- Prohibit the use of external entities in the XML parser
- Filter XML data submitted by users
- Upgrade the libxml component
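
One way to apply the first two defenses above, shown as an added example that is not code from the original page: untrusted XML is scanned with Python's standard-library expat bindings (not libxml) and rejected as soon as a DTD or entity declaration appears, before any tree is built. The function names, the `ForbiddenXML` class and the sample documents are assumptions made for illustration; the samples are constructed and use a placeholder URI.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat

class ForbiddenXML(ValueError):
    """Submitted XML uses a DTD feature the policy rejects."""

    def __init__(self, reason, detail):
        super().__init__(f"{reason}: {detail}")
        self.reason = reason

def vet_xml(data, forbid_dtd=True):
    """Scan untrusted XML with expat; raise at the first declaration found."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if forbid_dtd:
            raise ForbiddenXML("doctype", name)
        if system_id is not None:  # DTD subset loaded from a URI
            raise ForbiddenXML("external-dtd", system_id)

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # system_id is set for <!ENTITY name SYSTEM "URI"> (external entity).
        if system_id is not None:
            raise ForbiddenXML("external-entity", f"{name} -> {system_id}")
        raise ForbiddenXML("internal-entity", name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(data, True)  # an exception raised in a handler aborts the parse

def parse_untrusted(data, forbid_dtd=True):
    """Vet first, then build the tree only from input that passed."""
    vet_xml(data, forbid_dtd)
    return ET.fromstring(data)

def reason_for(data, forbid_dtd=True):
    """Return the rejection reason, or None when the document is accepted."""
    try:
        parse_untrusted(data, forbid_dtd)
    except ForbiddenXML as exc:
        return exc.reason
    return None

# Constructed sample documents (placeholder URI, not taken from the page).
PLAIN = b"<order><item>book</item></order>"
INTERNAL = b'<!DOCTYPE o [<!ENTITY a "text">]><o>&a;</o>'
EXTERNAL = b'<!DOCTYPE o [<!ENTITY a SYSTEM "file:///constructed/placeholder">]><o>&a;</o>'
```

With the default `forbid_dtd=True`, any document carrying a DOCTYPE is refused outright; passing `forbid_dtd=False` still refuses every entity declaration and reports whether it was internal or external.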