XXE Attack using Burpsuite

⦁ I used a vulnerable website (⦁ http://testhtml5.vulnweb.com/#/popular)

a)Pre-settings to be done

b)Go to the vulnerable website:

c) Do Forget password:

⦁ I have used Burpsuite to Intercept the data

⦁ Generated a request to generate new password

⦁ The request was using “Explicit XML entities” as we can see above in the screenshot.

⦁ Since we were able to understand the method, how the XML was used, we injected a different entity in the code(payload) and generated the request. Hence causing Breach.