Exploiting XXE Vulnerabilities in Apache NiFi

Introduction

I’ve based this write-up on a fantastic one published by Chris Davis from Counter Hack on the SANS Pen-testing blog. The actual exploit itself is one that has been acknowledged and fixed in the latest public build of NiFi (1.4.0). The reason for this post is purely for educational purposes, as I’d worked with XML External Entity attacks in the past but never fully understood how and why they work.

