XML External Entity (XXE) Vulnerability - Part 1 (XML Basics)




In the first part of this XXE vulnerability blog series, we will learn some basic concepts of XML: its structure, DTDs (internal and external), and entities (internal and external).


First, we will understand what XML is.


XML stands for Extensible Markup Language. It is used to store data and to transmit it from one platform to another.

The platform can be any server, desktop, mobile, cloud instance, etc.

XML is a platform-independent markup language. XML and HTML complement each other: HTML is used to display data, whereas XML is used to store or transmit it.

Example of XML:

<emails>
<email service="gmail">
<from>demo@gamil.com</from>
<to>test@gamil.com</to>
<header>Test Email (Gmail)</header>
<message>This is a test email using Gmail</message>
</email>
<email service="outlook">
<from>demo@outlook.com</from>
<to>test@outlook.com</to>
<header>Test Email (Outlook)</header>
<message>This is a test email using Outlook</message>
</email>
</emails>{codeBox}

In the above example, everything from a start tag to its matching closing tag, including the tags themselves, is an element. Attributes are key-value pairs that define properties of an element (service="outlook" or service="gmail").

As we can see in the example, XML tags are user-defined, whereas HTML tags are predefined.


Now let's move further and learn about an important concept called DTD.


DTD stands for Document Type Definition. A DTD defines the structure of an XML document: which elements and attributes it may contain and which entities it declares.
Applications use the DTD to validate XML data. In short, a DTD is the grammar of an XML document, used to check whether the document's format is correct.

Now we will see types of DTD.

Internal DTD

If the DTD is defined inside the XML document, it is called an Internal DTD.

Example:

<?xml version="1.0"?>
<!DOCTYPE email [
<!ELEMENT email (from,to,header,message)>
<!ELEMENT to (#PCDATA)>
<!ELEMENT from (#PCDATA)>
<!ELEMENT header (#PCDATA)>
<!ELEMENT message (#PCDATA)>
]>
<email>
<from>demo@gamil.com</from>
<to>test@gamil.com</to>
<header>Test Email</header>
<message>This is a test email</message>
</email>{codeBox}

Here #PCDATA (parsed character data) declares that the text inside the element is parsed by the parser, so any markup within it, such as an entity reference, is expanded.

Now we will see how to declare an entity (a named shortcut for a piece of text, similar to a variable) internally.

Syntax:

<!ENTITY entity_name "entity value">{codeBox}

Usage:
<!DOCTYPE name [ <!ENTITY first_name "sahil"> ]>
<name>&first_name;</name>{codeBox}

Output:

<name>sahil</name>{codeBox}


External DTD

If the DTD of an XML document is defined in a separate document and imported by a reference to that DTD file, it is called an External DTD.

Example:

Let's say we have two files: dtd_file.dtd, which defines the DTD, and file.xml, which uses it.

dtd_file.dtd

<!ELEMENT email (from,to,header,message)>
<!ELEMENT to (#PCDATA)>
<!ELEMENT from (#PCDATA)>
<!ELEMENT header (#PCDATA)>
<!ELEMENT message (#PCDATA)>{codeBox}

file.xml

<?xml version="1.0"?>
<!DOCTYPE email SYSTEM "dtd_file.dtd">
<email>
<from>demo@gamil.com</from>
<to>test@gamil.com</to>
<header>Test Email</header>
<message>This is a test email</message>
</email>{codeBox}

Now we will see how to declare an entity externally, so that its value is loaded from another file or URL instead of being written inline.

Remote XML file (remote.xml):

<from>demo@gamil.com</from>
<to>test@gamil.com</to>
<header>Test Email</header>
<message>This is a test email</message>{codeBox}


Syntax:
<!ENTITY entity-name SYSTEM "URI/URL">{codeBox}

Usage:
<!DOCTYPE email [ <!ENTITY data SYSTEM "remote.xml"> ]>
<email>&data;</email>{codeBox}

Output:
<email>
<from>demo@gamil.com</from>
<to>test@gamil.com</to>
<header>Test Email</header>
<message>This is a test email</message>
</email>{codeBox}
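To make the internal and external entity mechanics above concrete, here is an added Python example (not part of the original post) that parses the post's email document with the standard-library SAX parser. The internal entity &first_name; is always expanded, while the SYSTEM entity &data; (pointing at the post's remote.xml, written to a temporary directory here) is only pulled in when the parser is told to resolve external general entities, which is the switch an XXE defence keeps off.

```python
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges

# Constructed copy of the post's remote.xml. It is an external parsed entity,
# so it may hold several elements without a single root.
REMOTE_XML = (
    "<from>demo@gamil.com</from>\n"
    "<to>test@gamil.com</to>\n"
    "<header>Test Email</header>\n"
    "<message>This is a test email</message>\n"
)

# Internal DTD declaring one internal entity and one external (SYSTEM) entity.
DOC = """<?xml version="1.0"?>
<!DOCTYPE email [
<!ENTITY first_name "sahil">
<!ENTITY data SYSTEM "remote.xml">
]>
<email>&data;<name>&first_name;</name></email>
"""

class Collector(ContentHandler):
    """Records element names and character data in document order."""
    def __init__(self):
        super().__init__()
        self.elements, self.text = [], []
    def startElement(self, name, attrs):
        self.elements.append(name)
    def characters(self, content):
        self.text.append(content)

def parse_email(resolve_external):
    """Parse DOC beside remote.xml in a temp dir; return (elements, joined text)."""
    with tempfile.TemporaryDirectory() as workdir:
        with open(os.path.join(workdir, "remote.xml"), "w") as f:
            f.write(REMOTE_XML)
        doc_path = os.path.join(workdir, "email.xml")
        with open(doc_path, "w") as f:
            f.write(DOC)
        handler = Collector()
        parser = xml.sax.make_parser()
        parser.setContentHandler(handler)
        # True: the parser opens the file named by the SYSTEM entity and splices
        # it in. False (what a hardened parser keeps): &data; yields nothing.
        parser.setFeature(feature_external_ges, resolve_external)
        parser.parse(doc_path)  # relative SYSTEM ids resolve against doc_path
    return handler.elements, "".join(handler.text)
```

Either way the internal entity &first_name; expands to "sahil"; only the external one depends on the feature setting.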

Sahil Gupta

Application Security | DevSecOps | Secure SDLC | Penetration Tester (Web and API) | CEHv10 | IBM Certified Cybersecurity Analyst Professional

