Detecting XML-related issues, such as XXE
XML issues require that the request accepts XML, so we look for this information in the request's Content-Type header, as follows:
text/xml
application/xml
We can configure a filter in Burp Suite to detect requests that have this information in the headers. To configure the filter, go to the Target tool, and then click on the Filter bar. Once there, select the XML file format, and if you want, write the content-type string that we know all requests need to have, as shown in the following screenshot:
After filtering the requests that could be vulnerable, add common testing strings as a payload list in the Intruder tool, as with the past vulnerabilities, and launch them against all the potential requests. For example, one of the most common strings to detect XXE is the following:
<!ENTITY % three SYSTEM "file:///etc/passwd">
When the file appears in the response, it means that you have detected a vulnerability. I recommend the use of the following cheat sheet created by...
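
The Content-Type filtering step described above can also be run offline over requests exported from the proxy history. The following is an added example, not code from the original text or from Burp Suite. It goes beyond the two content types named above by also flagging `+xml` media types and XML bodies sent under another type; the function names, hosts and sample requests are constructed for illustration.

```python
# Added example: triage captured requests for XML input, offline.
XML_TYPES = {"text/xml", "application/xml"}  # the two types named in the text

def media_type(value):
    """Strip parameters such as charset and normalise case."""
    return value.split(";", 1)[0].strip().lower()

def parse_request(raw):
    """Split a raw HTTP/1.1 request into request line, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed header lines without a colon
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def xml_reason(headers, body):
    """Return why a request is an XML candidate, or None."""
    mt = media_type(headers.get("content-type", ""))
    if mt in XML_TYPES:
        return "content-type"
    if mt.endswith("+xml"):  # assumption: application/soap+xml etc. count as XML
        return "+xml suffix"
    if body.lstrip().startswith("<?xml"):  # assumption: XML body under another type
        return "xml body"
    return None

def xml_candidates(raw_requests):
    """List (request line, reason) for every request that may be parsed as XML."""
    found = []
    for raw in raw_requests:
        request_line, headers, body = parse_request(raw)
        reason = xml_reason(headers, body)
        if reason:
            found.append((request_line, reason))
    return found

# Constructed sample requests (not from the page).
H = "\r\nHost: app.example.test\r\n"
SAMPLE = [
    "POST /api/orders HTTP/1.1" + H + "Content-Type: application/xml; charset=UTF-8\r\n\r\n<order/>",
    "POST /login HTTP/1.1" + H + "Content-Type: application/x-www-form-urlencoded\r\n\r\nuser=a",
    "POST /ws/quote HTTP/1.1" + H + "Content-Type: application/soap+xml\r\n\r\n<Envelope/>",
    "POST /upload HTTP/1.1" + H + "content-type: TEXT/XML\r\n\r\n<doc/>",
    "GET /index.html HTTP/1.1" + H + "\r\n",
    "POST /legacy HTTP/1.1" + H + "Content-Type: text/plain\r\n\r\n<?xml version=\"1.0\"?><a/>",
]
```

The requests it returns are the ones to carry forward into the testing step; the form post and the bodiless GET are dropped.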