Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 12:43:23 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] one page modified

Browse source
This commit is contained in:
CPol 2021-08-23 10:40:09 +00:00 committed by gitbook-bot
parent b3d436d8dc
commit 34d41f57c9
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pentesting-web/xxe-xee-xml-external-entity.md
View file

@ -133,7 +133,7 @@ In **java** based applications it might be possible to **list the contents of a
### SSRF ### SSRF
An XXE could also bu used to abuse a SSRF inside a cloud An XXE could be used to abuse a SSRF inside a cloud
```markup ```markup
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
@ -143,7 +143,7 @@ An XXE could also bu used to abuse a SSRF inside a cloud
### Blind SSRF ### Blind SSRF
Using the **previously commented technique** you can make the server access a server you control to show it's vulnerable. But, if that's not working, maybe is because **XML entities aren't allowed**, in that cause you could try using **XML parameter entities**: Using the **previously commented technique** you can make the server access a server you control to show it's vulnerable. But, if that's not working, maybe is because **XML entities aren't allowed**, in that case you could try using **XML parameter entities**:
```markup ```markup
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>