A5:2021 | Security Misconfiguration (4) | Cycubix Docs
PreviousA5:2021 | Security Misconfiguration (3) | Cycubix DocsNextA5:2021 | Security Misconfiguration (5) | Cycubix Docs
Last updated
Was this helpful?
Last updated
Was this helpful?
In this assignment, you will add a comment to the photo, when submitting the form try to execute an XXE injection with the comments field. Try listing the root directory of the filesystem.
Hints: Try submitting the form and see what happens. Use ZAP/Burp to intercept the request and try to include your own DTD. Try to include a doctype "(<!DOCTYPE...)" in the xml. This exercise is all about understanding how the XXE injection works.
Do not forget to reference the entity.
For this exercise we can use Burp, Zap or Developer Tools. First open the Intercepter (Burp) or Break (Zap). Then submit a comment on WebGoat. Analyze the request.
Analyze the format of the text "I am a cat" and the path of the Post request.
In the case of BurpSuite or ZAP, replace the text in the button for the following, to probe that the server is vulnerable:
<?xml version="1.0"?><!DOCTYPE comment [<!ENTITY xxe SYSTEM "file:///">]><comment><text>&xxe;</text></comment>
With Developer tools you can do the following steps:
Open the Development Tools in the browser, and go to the Network tab.
On WebGoat, post a comment.
Locate the query to simple in the Network tab and click on Edit and Resend.
Edit the body with:
<?xml version="1.0"?><!DOCTYPE comment [<!ENTITY xxe SYSTEM "file:///">]><comment><text>&xxe;</text></comment>
Details about the solution come in the following page.
