
Generic Blind XXE

By kannthu

High
Vidoc Module
#xxe #generic #blind
Description

What is the "Generic Blind XXE" module?

The "Generic Blind XXE" module is a test case designed to detect a blind XML External Entity (XXE) vulnerability. XXE vulnerabilities occur when an application hands XML from an untrusted source to a parser that still honours DOCTYPE declarations and resolves external entities. Depending on the parser and platform, an attacker can then read local files, make the server issue requests to internal or external hosts (server-side request forgery, SSRF), exhaust resources through entity expansion, and in some configurations execute code. In the blind variant the application never returns the parsed content to the attacker, so the vulnerability has to be confirmed out of band: the payload makes the parser fetch a URL the tester controls, and the resulting request to that URL is the evidence.

The module is generic: it does not target one product, but any endpoint that accepts a POST body and passes it to an XML parser. It is classified as high severity, since a confirmed XXE typically exposes internal data or reaches the internal network.

The original author of this module is geeknik.

Impact

A blind XXE confirmed by this module means the target's XML parser fetches attacker-supplied external resources. In practice that can be escalated to out-of-band exfiltration of local files, SSRF against internal services, and denial of service through entity expansion; on some platforms it can lead to code execution. The result can be data breaches, unauthorized data disclosure, and compromise of the target system.

How does the module work?

The "Generic Blind XXE" module works by sending a crafted XML document to the target and then checking whether the target contacted the out-of-band interaction server (interactsh) named in the payload. Because the vulnerability is blind, the HTTP response body is not what decides the result; the recorded interaction is. The module uses a specific matching condition on that interaction to report the vulnerability.

The HTTP request sent by this module is shown below. <Hostname> and <InteractionURL> are placeholders that are filled in at scan time with the target host and a unique interactsh URL:

POST / HTTP/1.1
Host: <Hostname>
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer:

<?xml version="1.0"?>
<!DOCTYPE foo SYSTEM "http://<InteractionURL>">
<foo>&e1;</foo>

The DOCTYPE declaration names an external DTD at the interaction URL. A parser that loads external DTDs will request that URL before it can resolve the entity reference &e1;, which the document itself never declares; whether the document then parses successfully does not matter, because the outbound request has already happened. Two limits of this probe are worth keeping in mind when reading results: the request carries no Content-Type header and is sent only to /, so an application that parses XML only on a specific path, or only for a declared XML content type, can be vulnerable and still not be flagged by this module.

The matching condition uses the interactsh_protocol part, which holds the protocol of any interaction recorded for the unique URL (dns, http or smtp), and matches the word "http". An HTTP interaction means the target resolved the hostname and actually fetched the DTD, which is strong evidence of a blind XXE. A DNS-only interaction (for example where outbound HTTP is blocked) does not satisfy this matcher, so the absence of a report is not proof that external entities are disabled; conversely, before treating a report as exploitable, confirm that nothing other than the XML parser, such as a link-preview or URL-scanning component, fetched the URL.
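To make the mechanism concrete, the following Python example (added here; it is not Vidoc's code nor the template author's) reproduces the probe and the matcher offline with the standard library's SAX/expat parser. A local EntityResolver stands in for the interactsh server: it records the URL the parser asks for, exactly as the listener would record an interaction, and answers with a constructed DTD that defines e1. The interaction URL, the DTD contents and the helper names are assumptions made for the example.

```python
import io
import xml.sax
from urllib.parse import urlsplit
from xml.sax import handler, xmlreader

# Stand-in for the module's <InteractionURL> placeholder (constructed for this
# example; not a real out-of-band listener).
INTERACTION_URL = "http://oob.example.test/xxe.dtd"

# The module's probe with the placeholder filled in.
PROBE = f"""<?xml version="1.0"?>
<!DOCTYPE foo SYSTEM "{INTERACTION_URL}">
<foo>&e1;</foo>
""".encode()

# What a tester-controlled DTD server could answer with: it declares the e1
# entity that the probe references. Constructed for this example.
REMOTE_DTD = b'<!ENTITY e1 "probe">'


class OOBListener(handler.EntityResolver):
    """Plays the role of the interactsh server: records every external
    resource the parser requests (one "interaction" each) and serves the
    constructed DTD from memory, so nothing touches the network."""

    def __init__(self):
        self.interactions = []

    def resolveEntity(self, publicId, systemId):
        self.interactions.append({
            "protocol": urlsplit(systemId).scheme,  # the interactsh_protocol part
            "url": systemId,
        })
        src = xmlreader.InputSource()
        src.setByteStream(io.BytesIO(REMOTE_DTD))
        return src


class TextCollector(handler.ContentHandler):
    """Collects character data so we can see whether &e1; was expanded."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def parse_probe(payload, resolve_external_entities):
    """Parse the probe with expat. With external general entities enabled the
    parser fetches the DTD named in the DOCTYPE (vulnerable configuration);
    with the default, hardened setting it leaves &e1; unresolved and never
    contacts the listener. Returns the recorded interactions, the extracted
    text and any parse error instead of raising, since for a blind XXE the
    outcome of parsing is irrelevant to detection."""
    listener = OOBListener()
    collector = TextCollector()
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, resolve_external_entities)
    parser.setEntityResolver(listener)
    parser.setContentHandler(collector)
    error = None
    try:
        parser.parse(io.BytesIO(payload))
    except xml.sax.SAXException as exc:
        error = str(exc)
    return {
        "interactions": listener.interactions,
        "text": "".join(collector.chunks),
        "error": error,
    }


def matches(interactions):
    """The module's matching condition: some recorded interaction whose
    protocol is "http". A DNS-only interaction would not match."""
    return any(i["protocol"] == "http" for i in interactions)


if __name__ == "__main__":
    for enabled in (True, False):
        result = parse_probe(PROBE, resolve_external_entities=enabled)
        verdict = "report vulnerability" if matches(result["interactions"]) else "no match"
        print(f"external entities {'on ' if enabled else 'off'}: "
              f"interactions={result['interactions']} text={result['text']!r} -> {verdict}")
```

The second run uses Python's current default, in which the SAX parser does not process external general entities; the first run switches that feature on, which is the state a vulnerable application's parser is in. Only the first run produces an interaction with protocol "http", and only that run expands &e1; into the text served by the DTD, which is the same signal the module's matcher keys on.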

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
word: http
Passive global matcher
No matching conditions.
On match action
Report vulnerability