
So I found this explanation for a vulnerability in some CMS:

The XML parser at /WorkArea/Blogs/xmlrpc.aspx is vulnerable to XML external entity attacks, which can be used to scan behind perimeter firewalls or possibly include files from the local file system, e.g. ]> &test;

How can that issue be exploited? I have the vulnerable CMS on my home server. There isn't really much info on that. My goal is to learn something new. Thanks

Daniel

1 Answer


The XML syntax allows for automatic inclusion of other files, which can be on the same system or even elsewhere (through a URL). See for instance this documentation. The attack would conceptually be a case where the attacker can add an "external entity reference" in a piece of XML which will be interpreted as XML by a machine (e.g. a Web server), with the rights of that server; the attacker can then make the machine read a local file of his choosing (a file local to the server) and include it in the interpreted XML. If the interpreted XML is then sent back to the attacker, then the attacker gains read access to the server's local files.

We could imagine that in a CMS system where the attacker can insert messages with an XML syntax. If the CMS allows arbitrary XML from the attacker, then the attacker can use external entities to read and display files like /etc/passwd (or even /etc/shadow if the CMS runs as root).

Tom Leek
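A worked illustration of the mechanism the answer describes, added here and not part of the original question or answer, nor the code of any CMS. It uses Python's expat bindings with a hand-written entity resolver to mimic a parser whose resolver follows SYSTEM identifiers (the vulnerable configuration, which is what produces the `&test;` style payload quoted in the question), beside a hardened variant that refuses every entity declaration. The `<post>`/`<title>` element names, the temporary file standing in for /etc/passwd and its contents are all constructed for the example; the real xmlrpc.aspx message format is not shown on this page.

```python
# Added example (not code from the original question or answer, nor from any
# CMS): how a resolving XML parser turns an external entity into a local-file
# read, and what a hardened parser does instead.
import os
import tempfile
import xml.parsers.expat as expat

# Constructed stand-in for a server-local file such as /etc/passwd.
FAKE_PASSWD = b"root:x:0:0:root:/root:/bin/bash\n"


class XXEError(Exception):
    """Raised by the hardened parser when a document tries to declare entities."""


def write_fake_local_file():
    """Create a temp file playing the role of a file on the server's disk."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "wb") as f:
        f.write(FAKE_PASSWD)
    return path


def remove_fake_local_file(path):
    os.remove(path)


def xxe_payload(path):
    """The attacker's blog post: the internal DTD subset declares an external
    entity whose SYSTEM identifier points at a local file, and <title>
    references it, so the file's bytes are substituted into the title.
    (Element names are assumptions; the real xmlrpc.aspx format is not shown.)"""
    return (
        f'<!DOCTYPE post [<!ENTITY test SYSTEM "file://{path}">]>'
        "<post><title>&test;</title></post>"
    ).encode()


def parse_blog_post(xml_bytes, resolve_external):
    """Return the text of the first <title>, as a CMS that echoes the post
    back to the client would.

    resolve_external=True mimics a parser whose resolver follows SYSTEM
    identifiers (vulnerable). resolve_external=False mimics a hardened
    parser that rejects any entity declaration, external or internal.
    """
    parser = expat.ParserCreate()
    chunks = []
    in_title = False

    def start(name, attrs):
        nonlocal in_title
        if name == "title":
            in_title = True

    def end(name):
        nonlocal in_title
        if name == "title":
            in_title = False

    def chars(data):
        if in_title:
            chunks.append(data)

    def entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Hardened: refuse every entity declaration. This also stops
        # internal-entity expansion bombs (defusedxml takes the same approach).
        raise XXEError(f"entity declaration {name!r} not allowed")

    def external_entity(context, base, system_id, public_id):
        # Vulnerable: fetch whatever the SYSTEM id names and parse it as if it
        # were part of the document, which is exactly what a resolving parser
        # does. Assumes a POSIX file:// URL; real resolvers also follow http://,
        # which is the "scan behind the firewall" half of the advisory.
        path = system_id[len("file://"):]
        sub = parser.ExternalEntityParserCreate(context)  # inherits handlers
        with open(path, "rb") as f:
            sub.Parse(f.read(), True)
        return 1  # non-zero tells expat the reference was handled

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    if resolve_external:
        parser.ExternalEntityRefHandler = external_entity
    else:
        parser.EntityDeclHandler = entity_decl
    parser.Parse(xml_bytes, True)
    return "".join(chunks)


if __name__ == "__main__":
    path = write_fake_local_file()
    try:
        print("vulnerable parser echoes:", repr(parse_blog_post(xxe_payload(path), True)))
        try:
            parse_blog_post(xxe_payload(path), False)
        except XXEError as e:
            print("hardened parser:", e)
    finally:
        remove_fake_local_file(path)
```

The point to take from the vulnerable branch is that the parser, not the application, opens the file: any code path that parses attacker-supplied XML with a resolving parser and then reflects part of the document back (an error message, a stored post title, a blog entry rendered later) leaks whatever the server process can read. The hardened branch shows the standard fix, which is to reject DTD entity declarations outright rather than trying to filter SYSTEM identifiers.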