This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Created attachment 1691 [details] Payload + received requests at my server Hi guys, while testing for an XXE attack at an internal penetration test, I used the w3c xml validator to simply check for validity of my PoC xml. Since I used an internal IP address in the payload and w3c validator seems to react slow during validation, I tried this with an URL under my control (Burp Suite Collaborator Tool). DNS as well as HTTP requests are sent to my server after submitting the form. You get 2 screenshots attached: - one shows the PoC XXE payload on the validator website. - second shows HTTP and DNS requests coming from your servers to my server. Please fix this asap since it's a very critical issue. This PoC is quite boring but could be exploited easily to do various attack (file read, using w3c as an attacker proxy and a lot more). Greetings, Florian
Well, someone fixed it. No response, but okay...at least the vuln is gone.