Often vulnerabilities get tangled up with each other and it is difficult to say what vulnerability should be called by what name. It is not worth bothering with such things, roses smell the same no matter what you call them.

SSRF stands for Server Side Request Forgery, which generally refers to a situation where an attacker can manipulate an application to send HTTP requests to a desired target, potentially within the internal network or a local service of the attacker.

XXE vulnerability often leads to SSRF vulnerability as external entities can also reference different resources other than files, one example being the HTTP service.

Here is an example XML file that, when processed by a vulnerable application, would download and embed the source code of Hakatemia's website inside the XML.

Do the exercise below and try to read the secret recipe from the internal HTTP API running on the server using an XXE attack.

Read the secret recipe from the recipe service running locally on the server whose URL address is: http://127.0.0.1:5000/api/v1/recipes

In this lab, you will practice SSRF attacks by exploiting XXE vulnerabilities.

XXE and SSRF

## What is SSRF?

Often vulnerabilities get tangled up with each other and it is difficult to say what vulnerability should be called by what name. It is not worth bothering with such things, roses smell the same no matter what you call them.

SSRF stands for Server Side Request Forgery, which generally refers to a situation where an attacker can manipulate an application to send HTTP requests to a desired target, potentially within the internal network or a local service of the attacker.

---

## XXE and SSRF

XXE vulnerability often leads to SSRF vulnerability as external entities can also reference different resources other than files, one example being the HTTP service.

Here is an example XML file that, when processed by a vulnerable application, would download and embed the source code of Hakatemia's website inside the XML.

```xml
<!DOCTYPE auto[
    <!ENTITY xxe SYSTEM "https://www.hakatemia.fi">
]>
<car>
  <template>&xxe;</template>
</auto>
```

---

## Exercise

Do the exercise below and try to read the secret recipe from the internal HTTP API running on the server using an XXE attack.

@exercise d7930b0ab0df


XXE SSRF

XML is superficially a simple protocol, tags and attributes. However, XML has hidden capabilities that unfortunately are often not disabled by default in XML handlers...

XML is a relatively simple protocol, consisting of tags and attributes. However, XML has hidden abilities that unfortunately are often not disabled by default in XML processors...

XXE SSRF

What is SSRF?

Learn to hack — start here