back
loading skill details...
>-
SKILL: XML External Entity Injection (XXE) — Expert Attack Playbook AI LOAD INSTRUCTION: Expert XXE techniques. Covers all injection contexts (SOAP, REST JSON→XML parsers, Office files, SVG), OOB exfiltration (critical when direct read fails), blind XXE detection, and XXE-to-SSRF chain. Base models often miss OOB and non-XML context XXE. For real-world CVE chains, Office docx XXE step-by-step, PHP expect:// RCE, and Solr XXE+RCE, load the companion SCENARIOS.md. 0. RELATED ROUTING Also load: upload insecure files when XXE is reachable through SVG, OOXML, import, or preview pipelines Extended Scenarios Also load SCENARIOS.md when you need: Apache Solr XXE + RCE chain (CVE-2017-12629) — XXE to read config, then VelocityResponseWriter for RCE Office docx XXE step-by-step — unzip → inject DOCTYPE into word/document.xml or [Content_Types].xml → repackage → upload DOCTYPE-based blind SSRF — PUBLIC external DTD reference triggers HTTP callback without entity reflection PHP expect:// protocol via XXE — direct command execution when expect extension is installed Blind XXE via error messages — force file path error that leaks content in exception text XXE in SOAP web services — inject entities into SOAP Envelope/Body elements
don't have the plugin yet? install it then click "run inline in claude" again.