1. Background Knowledge
XML is a structured markup language used to mark up electronic documents; it can be used to mark data and define data types. It is a source language that allows users to define their own markup languages. An XML document consists of the XML declaration, an optional DTD (Document Type Definition), and the document elements.
It is commonly used in Asynchronous JavaScript and XML (Ajax) technology, where web applications quickly render incremental updates in the user interface without reloading the entire page. JSON is currently more common than XML in Ajax models, but both are used in Ajax technologies. XML allows developers to define and represent arbitrary data structures.
The common syntax structure of XML is as follows:
Internal entity declaration format: <!ENTITY entity_name "entity_value">.
External entity reference format: <!ENTITY entity_name SYSTEM "URI">
2. Vulnerability Description
XML External Entity Injection (XXE) vulnerability
Vulnerability principle:
The XXE vulnerability is mainly caused by external entities referenced in the DTD.
It usually occurs when the current site allows external entities to be referenced while parsing XML.
3. Attacks on XXE Vulnerabilities
3.1 With Echo
- Reading sensitive files
- Reading files using PHP pseudo-protocols
- Scanning internal network ports
- Executing commands
3.2 Without Echo
- Data extraction using out-of-band channels
4. Defense against XXE Vulnerabilities
- Disable the methods that load external entities
- Filter XML data submitted by users
- Upgrade libxml components
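
The first two defenses above, as an added example that is not part of the original page: a Python standard-library pre-check that rejects user-submitted XML carrying a DOCTYPE or any entity declaration before the application parses it. The names `safe_parse`, `verdict` and `ForbiddenXML` and the sample documents are constructed for illustration; the entity lines reuse the declaration formats shown in section 1.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

class ForbiddenXML(ValueError):
    """Untrusted document uses a DTD or declares/references an entity."""

def _no_doctype(name, sysid, pubid, has_internal_subset):
    raise ForbiddenXML(f"DOCTYPE not allowed: {name!r}")

def _no_entity_decl(name, is_param, value, base, sysid, pubid, notation):
    kind = "external" if sysid else "internal"
    raise ForbiddenXML(f"{kind} entity declaration not allowed: {name!r}")

def _no_external_ref(context, base, sysid, pubid):
    raise ForbiddenXML(f"external entity reference not allowed: {sysid!r}")

def safe_parse(xml_bytes, allow_dtd=False):
    """Return the root element, or raise ForbiddenXML / expat.ExpatError."""
    checker = expat.ParserCreate()
    if not allow_dtd:
        checker.StartDoctypeDeclHandler = _no_doctype
    checker.EntityDeclHandler = _no_entity_decl
    checker.ExternalEntityRefHandler = _no_external_ref
    checker.Parse(xml_bytes, True)   # handler exceptions propagate out of Parse()
    return ET.fromstring(xml_bytes)  # only reached for documents that passed

# Constructed sample inputs (nothing here is fetched or resolved).
BENIGN = b"<user><name>alice</name></user>"
INTERNAL = (b'<!DOCTYPE user [<!ENTITY entity_name "entity_value">]>'
            b"<user><name>&entity_name;</name></user>")
EXTERNAL = (b'<!DOCTYPE user [<!ENTITY entity_name SYSTEM "URI">]>'
            b"<user><name>&entity_name;</name></user>")
DTD_ONLY = (b"<!DOCTYPE user [<!ELEMENT user (name)>]>"
            b"<user><name>bob</name></user>")

def verdict(xml_bytes, allow_dtd=False):
    """Summarise the outcome of safe_parse as a short string."""
    try:
        safe_parse(xml_bytes, allow_dtd)
        return "accepted"
    except ForbiddenXML as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("internal", INTERNAL),
                       ("external", EXTERNAL), ("dtd-only", DTD_ONLY)]:
        print(label, "->", verdict(doc), "|", verdict(doc, allow_dtd=True))
```

With `allow_dtd=True` a DTD that only declares elements is accepted, while any entity declaration is still refused.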