XML External Entity (XXE) Injection - DVNA
Last updated
Last updated
DVNA - Damn Vulnerable Node Application
Step 1: Navigate to"A4: XML External Entities" > XXE: ImportProducts.
Notice that "Bulk Import Products" feature has a file upload functionality
Step 2: Let's upload valid, benign XML file and observe the application behaviour. Save the following XML snippet into the file and save it with .xml extension and upload it using "Bulk Import Products" feature. Intercept the POST request made using Burp
Step 3: Send the intercepted request to Burp Repeater(CTRL+R) and navigate to repeater(CTRL+SHIFT+R)
Step 4: Forward the request in repeater and follow redirection. notice that the XML is parsed and the application created a table with the XML data provide
Step 5: Let's check if the XML parser allows external entity expansion. In the request body of the POST request in the repeater, modify the XML payload to the following. Forward the request and follow redirection. Notice that the XML parser expanded the entity and the product description is updated
Step 6: Let's use an XML external entity to read files on the remote server. In the request body of the POST request in the repeater, modify the XML payload to the following. Forward the request and follow redirection. Notice that the XML parser processed the external entity and the product description is updated with contents of /etc/passwd on the remote server where the XML parser is running
