mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-26 06:30:37 +00:00
GitBook: [master] one page modified
This commit is contained in:
parent
b3d436d8dc
commit
34d41f57c9
1 changed files with 2 additions and 2 deletions
|
@ -133,7 +133,7 @@ In **java** based applications it might be possible to **list the contents of a
|
||||||
|
|
||||||
### SSRF
|
### SSRF
|
||||||
|
|
||||||
An XXE could also bu used to abuse a SSRF inside a cloud
|
An XXE could be used to abuse a SSRF inside a cloud
|
||||||
|
|
||||||
```markup
|
```markup
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
@ -143,7 +143,7 @@ An XXE could also bu used to abuse a SSRF inside a cloud
|
||||||
|
|
||||||
### Blind SSRF
|
### Blind SSRF
|
||||||
|
|
||||||
Using the **previously commented technique** you can make the server access a server you control to show it's vulnerable. But, if that's not working, maybe is because **XML entities aren't allowed**, in that cause you could try using **XML parameter entities**:
|
Using the **previously commented technique** you can make the server access a server you control to show it's vulnerable. But, if that's not working, maybe is because **XML entities aren't allowed**, in that case you could try using **XML parameter entities**:
|
||||||
|
|
||||||
```markup
|
```markup
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
|
Loading…
Reference in a new issue