Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-10 07:04:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #83 from noraj/patch-3

Browse source 
add XXE ftp tool
This commit is contained in:
Swissky 2019-08-06 18:06:38 +02:00 committed by GitHub
commit 9a8b2fee8e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
XXE Injection/README.md
View file

@ -32,6 +32,11 @@ Syntax: `<!ENTITY entity_name SYSTEM "entity_value">`
```
sudo ./xxeftp -uno 443 ./xxeftp -w -wps 5555
```
- [230-OOB](https://github.com/lc/230-OOB) and payload generation via [http://xxe.sh/](http://xxe.sh/)
```
$ python3 230.py 2121
```
## Detect the vulnerability
@ -306,4 +311,4 @@ GIF (experimental)
* [XXE in Uber to read local files](https://httpsonly.blogspot.hk/2017/01/0day-writeup-xxe-in-ubercom.html)
* [XXE by SVG in community.lithium.com](http://esoln.net/Research/2017/03/30/xxe-in-lithium-community-platform/)
* [XXE inside SVG](https://quanyang.github.io/x-ctf-finals-2016-john-slick-web-25/)
* [Pentest XXE - @phonexicum](https://phonexicum.github.io/infosec/xxe.html)
* [Pentest XXE - @phonexicum](https://phonexicum.github.io/infosec/xxe.html)