Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/BuffaloWill/oxml_xxe
A tool for embedding XXE/XML exploits into different filetypes
https://github.com/BuffaloWill/oxml_xxe
Last synced: 5 days ago
JSON representation
A tool for embedding XXE/XML exploits into different filetypes
- Host: GitHub
- URL: https://github.com/BuffaloWill/oxml_xxe
- Owner: BuffaloWill
- Created: 2015-03-06T20:30:49.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2024-07-11T01:54:08.000Z (4 months ago)
- Last Synced: 2024-10-23T01:03:33.441Z (17 days ago)
- Language: Ruby
- Homepage:
- Size: 2.58 MB
- Stars: 1,033
- Watchers: 32
- Forks: 231
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-bugbounty-tools - oxml_xxe - A tool for embedding XXE/XML exploits into different filetypes (Exploitation / XXE Injection)
- WebHackersWeapons - oxml_xxe
README
# oxml_xxe
This tool is meant to help test XXE vulnerabilities in **OXML document** file formats. Currently supported:- DOCX/XLSX/PPTX
- ODT/ODG/ODP/ODS
- SVG
- XMLBH USA 2015 Presentation: [Exploiting XXE in File Upload Functionality (Slides)](http://oxmlxxe.github.io/reveal.js/slides.html#/) [(Recorded Webcast)](https://www.blackhat.com/html/webcast/11192015-exploiting-xml-entity-vulnerabilities-in-file-parsing-functionality.html)
Blog Posts on the topic:
- [Exploiting XXE Vulnerabilities in OXML Documents](https://www.silentrobots.com/exploiting-xxe-in-file-upload-functionality/)
- [Exploiting CVE-2016-4264 With OXML_XXE](https://www.silentrobots.com/exploiting-cve-2016-4264-with-oxml_xxe/)# Installation
OXML_XXE was written in Ruby using Sinatra, Bootstrap, and Slim.
## Docker
1. Run `docker build --tag oxml_xxe .`
2. Run `docker run --name oxml_xxe -p 4567:4567 --rm oxml_xxe`
2. Browse to http://localhost:4567/ to get started.## Docker Compose
1. Run `docker-compose up --build`
2. Browse to http://localhost:4567/ to get started.## Ubuntu
Install dependencies:
```bash
apt-get install -y make git libsqlite3-dev libxslt-dev libxml2-dev zlib1g-dev gcc ruby3.2 g++
```Bundle install:
```bash
gem install bundler
bundle install
```Start the service:
```bash
ruby server.rb
```# Examples
See: https://github.com/BuffaloWill/oxml_xxe/wiki/python-docx