GitHub - sxcurity/230-OOB: An Out-of-Band XXE server for retrieving file content...

6 years ago

source link: https://github.com/sxcurity/230-OOB
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Out-of-Band XXE tool
A python script to achieve file read via FTP!

230OOB is a tool that emulates an FTP server, assisting you in achieving file read via Out-of-Band XXE.

Installation

git clone https://github.com/lc/230-OOB

Usage:

Generate an XXE payload & DTD at http://xxe.sh

Start the server:

python3 230.py 2121

everything will be logged to -> extracted.log

Recommend

2017年中国互联网新晋独角兽：共34家，其中一家成立还不到两年
福建省会为什么没有存在感？
有了它，EXE 程序也能用上好看的磁贴：EdgeTile Creators | App +1［限免］
“佛系”并不简单！神经科学有很多东西需要从佛教中学习
登录
对冲基金考虑进军比特币市场
Explore Hash Feature on Java EE Security (JSR-375) — Soteria
活该没女朋友系列
阿里腾讯几近垄断，中小电商能否绝地求生？
阿里巴巴声明：像治理雾霾一样治理网络

About Joyk

Aggregate valuable and interesting links.
Joyk means Joy of geeK