![]() ![]() I saved this file in Notepad++ (got an error, which I, of course, ignored) and uploaded it to the web application. The basic payload I used, was the following: /?XXE1'> So I opened my favorite text editor and tried adding basic XXE payload, just to test it.Īs the application did not show the contents of the configuration file in any way, I had to use XXE payload, which would make the web server contact my server (SSRF) and from its logs I could determine if the application is vulnerable to this or not. And I was trying to find a XXE (XML External Entity) vulnerability as the application accepted and used XML files as a configuration file. On the day I have found this vulnerability I was doing a penetration test of a web application. This plugin is a small set of useful tools for editing XML with Notepad++. ![]() The plugin is XMLTools and as its description on Github ( ) states: This is a post about how I found a vulnerability in a plugin for a popular text editor Notepad++ by accident.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |