Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
PHP XXE tester
<?php
// Extended tester from ezimuel (https://gist.github.com/ezimuel/9135151)
// The libxml entity loader is disabled by default
// even setting the libxml_disable_entity_loader to false doesn't works!
//
// @see http://uk3.php.net/manual/en/function.libxml-disable-entity-loader.php
// @see http://stackoverflow.com/a/10213239
// @see https://stackoverflow.com/questions/24117700
$dir = __DIR__;
$content = 'WARNING, external entity loaded!';
file_put_contents('content.txt', $content);
$xml = <<<EOD
<?xml version="1.0"?>
<!DOCTYPE root
[
<!ENTITY foo SYSTEM "file://$dir/content.txt">
]>
<test><testing>&foo;</testing></test>
EOD;
file_put_contents('content.xml', $xml);
printf ("PHP verion %s\n", PHP_VERSION);
printf ("Libxml library ver. %s\n", LIBXML_DOTTED_VERSION);
printf("\nTesting simplexml_load_string\n");
// simplexml_load_string() testing
$doc = simplexml_load_string($xml);
printf("Default behaviour: %s\n", $doc->testing);
$oldValue = libxml_disable_entity_loader(false); // enable entity load?
$doc = simplexml_load_string($xml);
printf("libxml_disable_entity to false: %s\n", $doc->testing);
libxml_disable_entity_loader($oldValue);
$oldValue = libxml_disable_entity_loader(true); // enable entity load?
$doc = simplexml_load_string($xml);
printf("libxml_disable_entity to true: %s\n", $doc->testing);
libxml_disable_entity_loader($oldValue);
$doc = simplexml_load_string($xml, null, LIBXML_NOENT);
printf("LIBXML_NOENT: %s\n", $doc->testing);
// simplexml_load_file() testing
printf("\nTesting simplexml_load_file\n");
$doc = simplexml_load_file('content.xml');
printf("Default behaviour: %s\n", $doc->testing);
$oldValue = libxml_disable_entity_loader(false); // enable entity load?
$doc = simplexml_load_file('content.xml');
printf("libxml_disable_entity to false: %s\n", $doc->testing);
libxml_disable_entity_loader($oldValue);
$oldValue = libxml_disable_entity_loader(true);
$doc = simplexml_load_file('content.xml');
printf("libxml_disable_entity to true: %s\n", $doc->testing);
libxml_disable_entity_loader($oldValue);
$doc = simplexml_load_file('content.xml', null, LIBXML_NOENT);
printf("LIBXML_NOENT: %s\n", $doc->testing);
// test DOMDocument
printf("\nTesting DOM (loadXml)\n");
$dom = new DOMDocument('1.0');
$dom->loadXml($xml);
$testing = $dom->getElementsByTagName('testing')->item(0);
printf("Default behaviour: %s\n", $testing->nodeValue);
$oldValue = libxml_disable_entity_loader(false); // enable entity load?
$dom = new DOMDocument('1.0');
$dom->loadXml($xml);
$testing = $dom->getElementsByTagName('testing')->item(0);
printf("libxml_disable_entity to false: %s\n", $testing->nodeValue);
libxml_disable_entity_loader($oldValue);
$oldValue = libxml_disable_entity_loader(true);
$dom = new DOMDocument('1.0');
$dom->loadXml($xml);
$testing = $dom->getElementsByTagName('testing')->item(0);
printf("libxml_disable_entity to true: %s\n", $testing->nodeValue);
libxml_disable_entity_loader($oldValue);
$dom->loadXml($xml, LIBXML_NOENT);
$testing = $dom->getElementsByTagName('testing')->item(0);
printf("LIBXML_NOENT: %s\n", $testing->nodeValue);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.