Blind XXE Attacks

When an application is vulnerable to XXE but the result doesn't show up in the application's response, it is a Blind XXE. We can test for this using the Burp Collaborator client.

This means we cannot retrieve data from the backend the way we did before, and it is generally harder to exploit.

There are two ways to detect and exploit it:

  • We can trigger an out-of-band network interaction, exfiltrating sensitive data

  • We can trigger XML parsing errors and tamper with them to retrieve some sensitive information
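Both routes depend on the parser accepting a DTD that declares entities, so a defender can screen request bodies for that before any business logic parses them. The following is an added example, not part of the original page: the function name `xxe_findings`, the sample documents and the `example.invalid` URLs are constructed for illustration.

```python
from xml.parsers import expat

# Constructed sample request bodies (not taken from the page).
BENIGN = b'<?xml version="1.0"?>\n<order><id>1</id></order>'
EXTERNAL_GENERAL = (b'<?xml version="1.0"?>\n'
                    b'<!DOCTYPE order [<!ENTITY ext SYSTEM "http://example.invalid/x">]>\n'
                    b'<order><id>1</id></order>')
EXTERNAL_PARAM = (b'<?xml version="1.0"?>\n'
                  b'<!DOCTYPE order [<!ENTITY % remote SYSTEM "http://example.invalid/ext.dtd">]>\n'
                  b'<order><id>1</id></order>')
EXTERNAL_SUBSET = (b'<?xml version="1.0"?>\n'
                   b'<!DOCTYPE order SYSTEM "http://example.invalid/order.dtd">\n'
                   b'<order><id>1</id></order>')


def xxe_findings(body: bytes) -> list[str]:
    """Return reasons to reject an XML body; an empty list means no DTD was seen."""
    findings: list[str] = []
    parser = expat.ParserCreate()
    # Explicitly refuse to load external parameter entities or an external subset.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append("doctype")
        if system_id or public_id:
            findings.append("external-subset")

    def on_entity(name, is_parameter, value, base, system_id, public_id, notation):
        # Only the declaration is recorded; nothing is fetched or expanded.
        kind = "parameter" if is_parameter else "general"
        scope = "external" if (system_id or public_id) else "internal"
        findings.append(f"{scope}-{kind}-entity:{name}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(body, True)
    except expat.ExpatError:
        findings.append("malformed")
    return findings


if __name__ == "__main__":
    for label, body in [("benign", BENIGN), ("general", EXTERNAL_GENERAL),
                        ("parameter", EXTERNAL_PARAM), ("subset", EXTERNAL_SUBSET)]:
        print(label, xxe_findings(body) or "accept")
```

A body with any finding can be rejected and logged; because a blind XXE leaves no trace in the response, this input-side record is often the only application-level evidence of the attempt.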
