The paper aims to perform a Server-Side Request Forgery (SSRF) attack using an XML External Entity (XXE) vulnerability. Developers need to make sure these vulnerabilities are mitigated in their web applications. The paper first introduces XML and its usage, and then explains the XXE and SSRF vulnerabilities. It then discusses how an SSRF attack can be initiated after exploiting an XXE vulnerability.
Key Pointers:
- What are external entities in XML and how they are used in XXE attacks
- Understanding how XXE works through demonstration
- What is SSRF and what an attacker can do using this vulnerability
- Demonstration of how to find SSRF and how the exploit works
- Finally, using an XXE vulnerability in a target application and initiating an SSRF attack