mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-12 22:33:00 +00:00
Merge pull request #297 from u0pattern/u0pattern-patch-1
XXE WAF Bypass Added
This commit is contained in:
commit
e9390d1572
1 changed files with 12 additions and 0 deletions
|
@ -31,6 +31,7 @@ Syntax: `<!ENTITY entity_name SYSTEM "entity_value">`
|
|||
- [XXE inside SOAP](#xxe-inside-soap)
|
||||
- [XXE inside DOCX file](#xxe-inside-docx-file)
|
||||
- [XXE inside XLSX file](#xxe-inside-xlsx-file)
|
||||
- [XXE WAF Bypass via convert character encoding](#xxe-waf-bypass-via-convert-character-encoding)
|
||||
|
||||
## Tools
|
||||
|
||||
|
@ -507,6 +508,17 @@ updating: xl/_rels/workbook.xml.rels (deflated 66%)
|
|||
updating: xl/sharedStrings.xml (deflated 17%)
|
||||
```
|
||||
|
||||
### XXE WAF Bypass via convert character encoding
|
||||
|
||||
In XXE WAFs, DTD Prolog are usually blacklisted BUT not all WAFs blacklist the UTF-16 character encoding<br><br>
|
||||
`All XML processors must accept the UTF-8 and UTF-16 encodings of Unicode`
|
||||
-- https://www.w3.org/XML/xml-V10-4e-errata#E11
|
||||
<br><br>
|
||||
we can convert the character encoding to `UTF-16` using [iconv](https://man7.org/linux/man-pages/man1/iconv.1.html) to bypass the XXE WAF:-<br>
|
||||
```bash
|
||||
cat utf8exploit.xml | iconv -f UTF-8 -t UTF-16BE > utf16exploit.xml
|
||||
```
|
||||
|
||||
|
||||
## References
|
||||
|
||||
|
|
Loading…
Reference in a new issue