Note
web
python
xml
xpath
ssrf
pycurl
parser-differential
Exploit tree-wide .//field lookups where the first depth-first match — not the visible top-level field — becomes the trusted value.
XML Depth-First Resolution (.//icon_url) + Internal Fetch via pycurl
`.//field` style lookups are tree-wide and depth-first. The first nested match, not the visually obvious top-level field, may become the trusted value. Validation often inspects one node while later fetch logic resolves another, or both use tree-wide queries and the attacker controls ordering.
Why It Works
- Generic selectors like `.find(".//icon_url")` return the first match in document order, which the attacker can plant beneath a benign-looking wrapper.
Vulnerable Pattern
- Python XML parsing with `.find(".//icon_url")`, `.find(".//method")`, or similar generic queries over attacker-controlled XML.
- The fetched URL or HTTP method is later passed straight into `pycurl`, `requests`, or another backend call.
Exploit Flow
- Discover which fields are read with tree-wide selectors and whether the first match wins.
- Build a document where a benign top-level field satisfies human review while the first depth-first match contains the real payload.
- Target internal proxy hosts, metadata endpoints, or method/body controls to pivot beyond simple SSRF.
Variations
- Nested wrappers, duplicated field names, namespace tricks, or one malicious field paired with a validation-safe twin.
Common Blockers
- Schema validation enforcing exact node positions, or code that reserializes the XML before use.
PoC Sketch
```xml
<root>
<meta><icon_url>http://127.0.0.1/internal</icon_url></meta>
<icon_url>https://cdn.example/logo.png</icon_url>
</root>
```
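The validation/fetch differential described above, reproduced on the PoC document as an added example (this is not code from the original note or the challenge); the `ALLOWED_HOSTS` policy, the sample documents and the function names are assumptions made for the demonstration:

```python
import xml.etree.ElementTree as ET
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample mirroring the PoC sketch: the top-level icon_url is the
# one a reviewer sees, the nested one is the first depth-first match.
TAMPERED_XML = """<root>
  <meta><icon_url>http://127.0.0.1/internal</icon_url></meta>
  <icon_url>https://cdn.example/logo.png</icon_url>
</root>"""

# Constructed clean document with a single, top-level icon_url.
CLEAN_XML = "<root><icon_url>https://cdn.example/logo.png</icon_url></root>"

# Hypothetical egress policy: https only and an explicit host allow-list.
ALLOWED_HOSTS = {"cdn.example"}


def is_allowed_fetch_target(url: Optional[str]) -> bool:
    parts = urlsplit(url or "")
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


def vulnerable_pick(xml_text: str) -> Optional[str]:
    """Validation and fetch disagree: the check looks at the direct child,
    the fetch path uses a tree-wide query and takes the first match."""
    root = ET.fromstring(xml_text)
    shown = root.find("./icon_url")
    if shown is None or not is_allowed_fetch_target(shown.text):
        return None                        # rejected by validation
    fetched = root.find(".//icon_url")     # first match in document order
    return fetched.text                    # this is what would reach pycurl


def hardened_pick(xml_text: str) -> Optional[str]:
    """Resolve once, position-exact, reject duplicates, and validate the
    very node that will be fetched."""
    root = ET.fromstring(xml_text)
    candidates = root.findall(".//icon_url")
    if len(candidates) != 1 or root.find("./icon_url") is not candidates[0]:
        return None                        # nested twin or duplicate: reject
    url = candidates[0].text
    return url if is_allowed_fetch_target(url) else None
```

The same ordering applies to lxml's `xpath("//icon_url")[0]`: descendant results come back in document order, so the nested element wins there as well.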
Good Situations To Use It
- An app parses attacker XML with `.//` selectors.
- The same field feeds a server-side fetch.
- You can nest elements to control depth-first ordering.
Sources
fcsc2026/web/bubulle_corp
fcsc2026/web/bubulle_corp_2