🌺
tryhackme notes
  • 🌺TryHackMe Profile Link
  • Learning Paths
    • 🌺CompTIA PenTest+
      • 🍡Intro to Offensive Security
      • 🍡Penetration Testing Tools
        • 🍡Nmap
          • 🍡Nmap Switches
          • 🍡Overview
          • 🍡TCP Connect Scans
          • 🍡SYN Scans
          • 🍡UDP Scans
          • 🍡NULL, FIN, Xmas Scans
          • 🍡Working with the NSE
          • 🍡Practical
        • 🍡Burp Suite
          • 🍡Introduction
          • 🍡Site Map and Issue Definitions
        • 🍡Metasploit
          • 🍡Introduction
          • 🍡Working with Modules
        • 🍡Nessus
          • 🍡Introduction
          • 🍡Scanning!
          • 🍡Scanning a Web Application!
        • 🍡Hydra
          • 🍡Introduction
          • 🍡Using Hydra
      • 🍡Application-based Vulnerabilites
        • 🍡OWASP Top 10
          • 🍡[Severity 1] Command Injection
          • 🍡[Severity 2] Broken Authentication
          • 🍡[Severity 3] Sensitive Data Exposure
          • 🍡[Severity 4] XML External Entity
          • 🍡[Severity 5] Broken Access Control
          • 🍡[Severity 6] Security Misconfiguration
        • 🍡Vulnversity
      • 🍡Local-host Vulnerabilities
      • 🍡Network-based Vulnerabilites
    • 🌺Web Fundamentals
      • 🌺Introduction to Web Hacking
        • 🍡Walking an Application
      • 🌺Pickle Rick
  • Modules
    • 🌺Linux Fundamentals
      • 🍡Linux Fundamentals Part 1
        • 🍡Searching for Files
      • 🍡Linux Fundamentals Part 3
        • 🍡Processes 101
    • 🌺Introduction to Penetration Testing
      • 🍡Pentesting Fundamentals
        • 🍡Penetration Testing Methodologies
          • 🍡Black Box, White Box, Grey Box Penetration Testing
      • 🍡Principals of Security
        • 🍡The CIA Triad
        • 🍡Principles of Privilege
        • 🍡Security Models Continued
        • 🍡Threat Modelling & Incident Response
    • 🌺Introduction to Cyber Security
    • 🌺Pre Security
    • 🌺John the Ripper
  • Rooms
    • 🍡Basic Pentesting
    • 🍡OhSINT
    • 🌸Sakura Room
    • 😼dogcat
Powered by GitBook
On this page
  1. Learning Paths
  2. CompTIA PenTest+
  3. Application-based Vulnerabilites
  4. OWASP Top 10

[Severity 4] XML External Entity

Notes about XML External Entity & the practical.

An XML External Entity (XXE) is a vulnerability that abuses the features of XML parsers or data. It allows an attacker to interact with any backend or external systems that the application itself can access and allow the attacker to read the file on that system.

In-band XXE - the attacker can recieve an immediate respones to the XXE payload

Out-of-band XXE (blind XXE) - no immediate response from the web application and the attacker has to reflect the output of their XXE payload to some other file or their own server

XML (Extensible Markup Language) - markup language that defines a set of rules for encoding documents in a format that is both human and machine-readable. Stores and transports data. It can also be used on any platform. It simplifies data sharing between various systems and allows validation using DTD and Schema.

It is not cumpulsory to have XML prolog in XML documents.

We can validate XML documents against a schema.

We specifiy XML version and encoding in a XML document by using XML prolog.

To define a new element, we can use !ELEMENT.

To define a root element, we can use !DOCTYPE.

To define a new entity, we can use !ENTITY.

The username in /etc/passwd is "falcon".

Falcon's ssh key is located in /home/falcon/.ssh/id_rsa

The first 18 characters of Falcon's private key is MIIEogIBAAKCAQEA7b.

Previous[Severity 3] Sensitive Data ExposureNext[Severity 5] Broken Access Control

Last updated 2 years ago

🌺
🍡
🍡
🍡