Page 140 - Hands-On Bug Hunting for Penetration Testers
Chapter 7 - Detecting XML External Entities
Gathering report information
Let's walk through the information we need to write our report.
Category
This is an XXE attack.
Timestamps
For our timestamp, we can use an approximate time for when we submitted our XXE entity replacement request.
URL
The location of the vulnerability is the application index, for example http://<host>/ (where <host> is the tested application's host).
Payload
Here, we can enter the XML snippet we used as our PoC for validating the capacity for entity expansion:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE replace [<!ENTITY example "Success"> ]>
    <root>
      <name>Edward Hawks</name>
      <tel><!-- number not recoverable from the page extraction --></tel>
      <email>&example;</email>
      <password>roguemoon</password>
    </root>
Methodology
To prove that the service in question is susceptible to an XXE attack, we used Burp Suite to intercept and modify an HTTP POST request, replacing the XML document generated by our form submission with our payload.
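As an added example (not from the book), the PoC above replayed in Python against two parser configurations: one that expands the internal entity the way the vulnerable service did, and a hardened one that refuses any DOCTYPE, which is the fix a defender would apply. The payload is the page's own; the phone number is a constructed value, and parse_form, entity_expanded and rejects_dtd are names chosen here.

```python
import xml.parsers.expat as expat

# Constructed sample: the page's PoC body; the <tel> value is made up here.
PAYLOAD = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE replace [<!ENTITY example "Success"> ]>
<root>
  <name>Edward Hawks</name>
  <tel>555-0100</tel>
  <email>&example;</email>
  <password>roguemoon</password>
</root>
"""

def parse_form(xml_bytes: bytes, allow_dtd: bool) -> dict:
    """Return leaf-element text keyed by tag. allow_dtd=True mimics the
    unhardened parser the PoC targets; allow_dtd=False rejects any DOCTYPE."""
    parser = expat.ParserCreate()
    parser.buffer_text = True            # one CharacterData call per text run
    fields, open_tags = {}, []           # collected text, stack of open tags

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Refusing the DTD removes XXE, parameter-entity and billion-laughs
        # attacks in one step, before any entity can be declared.
        if not allow_dtd:
            raise ValueError(f"DOCTYPE {name!r} rejected: DTDs not accepted")
    def on_start(name, attrs):
        open_tags.append(name)
        fields.setdefault(name, "")
    def on_chars(data):
        if open_tags:
            fields[open_tags[-1]] += data   # includes expanded entity text

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = on_chars
    parser.EndElementHandler = lambda name: open_tags.pop()
    parser.Parse(xml_bytes, True)
    # Container elements hold only indentation whitespace; drop them.
    return {k: v.strip() for k, v in fields.items() if v.strip()}

def entity_expanded(fields: dict, marker: str = "Success") -> bool:
    # The page's PoC check: the entity's value was reflected into a field.
    return marker in fields.values()

def rejects_dtd(xml_bytes: bytes) -> bool:
    # True when the hardened configuration refuses the document outright.
    try:
        parse_form(xml_bytes, allow_dtd=False)
    except ValueError:
        return True
    return False
```

With allow_dtd=True the email field comes back as "Success", which is exactly the reflection the report's methodology relies on; with allow_dtd=False the same request is rejected before the entity is ever declared.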