
Exploiting XXE via File Upload

Gupta Bless
4 min read · Mar 27, 2021


Before moving further we must get familiar with XXE, so please check my previous blog on it.

https://medium.com/@gupta.bless/exploitation-xml-external-entity-xxe-1f5f3e7bc5c4

We have learnt about XXE previously, but there is one more thing we need to understand before going ahead: unrestricted file upload vulnerabilities. You can read my previous blog on that topic as well.

https://gupta-bless.medium.com/exploiting-unrestricted-file-upload-vulnerabilities-4831aa839b25

If the application has image or file upload functionality, there is a possibility that we can upload an SVG file.

Scalable Vector Graphics (SVG): an SVG file defines graphics in XML format.

Since SVG defines graphics in XML, these files open up a lot of attack scenarios: we can execute XSS through an SVG file, and a lot more. We can also trigger XXE through these files, which is what we are going to explore in this blog.

When we upload an SVG image from the client side and there is no verification of its content or embedded commands on the server side, a situation may arise where an attacker can execute malicious commands to fetch internal details, such as the /etc/passwd file, and if the server handling the request is using AWS then we can fetch…
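As an added, defender-side example that is not part of the original post: the server-side content check the paragraph above says is missing, written in Python on the standard-library expat parser. It records the DTD features XXE depends on (a DOCTYPE with an internal subset, entity declarations, external entity references) and only accepts files whose root is `<svg>` in the SVG namespace. Both SVG samples are constructed for this example, and the file path in the entity declaration is a placeholder.

```python
import xml.parsers.expat

SVG_NS = "http://www.w3.org/2000/svg"

# Constructed samples: a plain SVG and one carrying an XXE-style internal subset
# (the SYSTEM path is a placeholder, not a real target).
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
              b'<rect width="10" height="10"/></svg>')
XXE_SVG = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE svg [<!ENTITY xxe SYSTEM "file:///placeholder/path">]>'
           b'<svg xmlns="http://www.w3.org/2000/svg"><text>&xxe;</text></svg>')


def inspect_svg(data: bytes) -> dict:
    """Stream an uploaded SVG through expat and record DTD/entity usage.

    Nothing is fetched: CPython's expat does not resolve external entities, and the
    ExternalEntityRefHandler below only counts the reference, so the scan stays inert.
    """
    findings = {"root": None, "doctype": False, "internal_subset": False,
                "entities": [], "external_refs": 0, "parse_error": None}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        findings["doctype"] = True
        findings["internal_subset"] = bool(has_internal_subset)

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        findings["entities"].append(name)  # any declared entity is suspicious

    def on_external_ref(context, base, sysid, pubid):
        findings["external_refs"] += 1
        return 1  # acknowledge the reference without resolving it

    def on_start(name, attrs):
        if findings["root"] is None:
            findings["root"] = name  # reported as "<namespace> <localname>"

    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        findings["parse_error"] = str(exc)
    return findings


def is_safe_svg(data: bytes) -> bool:
    """Accept only well-formed SVG with no entity declarations or internal DTD subset."""
    f = inspect_svg(data)
    return (f["parse_error"] is None and f["root"] == f"{SVG_NS} svg"
            and not f["internal_subset"] and not f["entities"]
            and f["external_refs"] == 0)
```

A DOCTYPE that only names the public W3C SVG DTD, as some graphics editors emit, passes this check because it declares no entities; a stricter policy can reject any DOCTYPE by testing `findings["doctype"]` instead.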


Written by Gupta Bless

Security enthusiast working to secure web for others.
