XXE-POC

This is a simple application that can be used to demo XXE vulnerabilities.

Credentials: admin - password hacker - Ab123456

Setup in ubuntu: apt-get install php-fdomdocument sudo apt-get install php7.1-xml sudo apt-get install php7.0-xml

Note: make sure that "orders" directory is writable

The app simulates a simple order processing system where users upload XML files which are parsed by the app. There are 2 example XML order files that can be downloaded.

forked from https://github.com/bojanisc/AcmeXXE and Customized.

Name		Name	Last commit message	Last commit date
Latest commit History 10 Commits
orders		orders
Getdata.php		Getdata.php
LICENSE		LICENSE
README.md		README.md
config.php		config.php
create.php		create.php
download_order.php		download_order.php
exploit1-infileread.xml		exploit1-infileread.xml
index.php		index.php
login.php		login.php
logout.php		logout.php
new_order.php		new_order.php
orders.php		orders.php
profile.php		profile.php
style.css		style.css
test.xml		test.xml
upload.php		upload.php
view_order.php		view_order.php

License

cyberintruder/XXE-POC

Folders and files

Latest commit

History

Repository files navigation

XXE-POC

About

Topics

Resources

License

Stars

Watchers

Forks

Languages