Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 04:33:28 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] one page modified

Browse source
This commit is contained in:
CPol 2021-08-23 10:40:09 +00:00 committed by gitbook-bot
parent b3d436d8dc
commit 34d41f57c9
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pentesting-web/xxe-xee-xml-external-entity.md
View file

@ -133,7 +133,7 @@ In **java** based applications it might be possible to **list the contents of a
### SSRF
An XXE could also bu used to abuse a SSRF inside a cloud
An XXE could be used to abuse a SSRF inside a cloud
```markup
<?xml version="1.0" encoding="UTF-8"?>
@ -143,7 +143,7 @@ An XXE could also bu used to abuse a SSRF inside a cloud
### Blind SSRF
Using the **previously commented technique** you can make the server access a server you control to show it's vulnerable. But, if that's not working, maybe is because **XML entities aren't allowed**, in that cause you could try using **XML parameter entities**:
Using the **previously commented technique** you can make the server access a server you control to show it's vulnerable. But, if that's not working, maybe is because **XML entities aren't allowed**, in that case you could try using **XML parameter entities**:
```markup
<?xml version="1.0" encoding="UTF-8"?>