as usual, excellent explanation. Thanks.
You are welcome! 🥰 Please share the word!
man i just love you
🥰🥰🥰
Your way of teaching is awesome
Thank you! 😎
Thanks from Moscow
Our pleasure! Greetings back to Russia 😇
I test to exfiltrate /etc/passwd via svg. The problem is the image of svg is too small to hold all the content of /etc/passwd. So how to extract full content of /etc/passwd?
You can try OOB Exfils - Out of Band Exfils. What he did here was very damn basic honestly. Check out HTB's module if you wanna learn more. It's pretty good. Has some wack quirks but aside is quite noice
Bro how can I get server IP instead of ///etc/passwd and what else can we do more
Hi Julian, check out our Hackademy article linked in the description for more information on XXE vulnerabilities! 😉
That's awesome
Thank you so much for your wonderful tutorials
Is there any automation tool for exploiting XXE Injection (Like SQLMAP Tool for SQL Injection)?
We are typically trying to manually exploit XXE vulnerabilities. However, you can find plenty of XXE exploitation tools on Github.
XXEInjector by Jakub Pacholski is generally a good choice. Though it might not work for this particular tech without some workarounds since it was designed to work with XMLs specifically and not SVGs.
While an SVG is XML based, it can be discriminated from a normal XML using filters. On a weak system you could get through via a mix of poor file type validation and XXE but in a more secure environment the script might require some tinkering on your part. I've tried it to no avail.... yet : 3
But for "normal" XXE it's very good. It has its own quirks like any other automated tool though ; )
What if svg content type is not allowed and how to bypass?
You could try some of the other file types that are listed on the link that we have shared in the description.
You could also try to use jpeg/png as content type while still uploading an svg. You could try to use the jpeg/png magic file header in front of your SVG payload, etc.
Be creative and try everything that comes to your mind 😇
Thank you
Cheers! 👊
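A defender's view of the upload checks discussed in the replies above (file type validation, the declared content type, magic headers), as an added example that is not from the video or from any commenter: the type is decided from the bytes, the declared type must agree, and an SVG is only accepted if it parses without any DOCTYPE. All function names, pipeline labels and sample inputs are hypothetical and constructed for this example.

```python
import xml.parsers.expat
# All names below are hypothetical; the sample inputs at the end are constructed.
SVG_NS = "http://www.w3.org/2000/svg"
RASTER_MAGIC = {b"\x89PNG\r\n\x1a\n": "image/png", b"\xff\xd8\xff": "image/jpeg"}

class RejectedUpload(Exception):
    """Upload refused before any renderer or XML library sees it."""

def sniff_type(data):
    """Decide the type from the bytes themselves, never from the request header."""
    for magic, mime in RASTER_MAGIC.items():
        if data.startswith(magic):
            return mime
    if data.lstrip().startswith(b"<"):
        return "image/svg+xml"
    raise RejectedUpload("unrecognised file content")

def check_svg(data):
    """Parse with expat and refuse any DOCTYPE, so no entity can be declared."""
    root = []
    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise RejectedUpload("DOCTYPE not allowed in uploaded SVG")
    def on_start(name, attrs):
        if not root:
            root.append(name)
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise RejectedUpload(f"not well-formed XML: {exc}") from exc
    if root != [f"{SVG_NS} svg"]:
        raise RejectedUpload("root element is not <svg> in the SVG namespace")

def route_upload(data, declared_type):
    """Return the only pipeline allowed to process this upload."""
    actual = sniff_type(data)
    if actual != declared_type:
        raise RejectedUpload(f"declared {declared_type}, content is {actual}")
    if actual == "image/svg+xml":
        check_svg(data)
        return "svg-sanitizer"
    return "raster-decoder"

# Constructed samples: a clean SVG, one with a harmless DOCTYPE, one behind PNG magic.
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10"/>'
DOCTYPE_SVG = b'<!DOCTYPE svg [<!ENTITY e "x">]>' + CLEAN_SVG
PNG_PREFIXED = b"\x89PNG\r\n\x1a\n" + CLEAN_SVG
```

The PNG-prefixed sample is routed to the raster decoder, which will fail to decode it; what matters is that it never reaches an XML parser.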
Can I have the github link for the xxe
Sure, we have added it to the description :)
Super cool trick for bug hunters and only for them. Thanks
Why don't you make a supporting team like a Discord server or Telegram group for your subscribers :)
There you go my friend: go.intigriti.com/discord
It already exists!
@intigriti thank you brother.
СКАЙ
Я буду йти
We like these letters but we cannot read them :)
First!
Seems we are having two firsts 😅
First
Seems we are having two firsts 😅
That account is my second account 🤣
@lethalleet hahahah
He hacked me with knowledge he learned from your past videos.
😆
@MichaelCooter true 😆
I am a noob hacker 🥲
Same 👊