Commit

Added vulnerable example and updated README
BuffaloWill committed May 5, 2023
1 parent 9efdcd1 commit ebd406c
Showing 1 changed file with 2 additions and 8 deletions.
10 changes: 2 additions & 8 deletions README.md
Expand Up @@ -45,12 +45,6 @@ Start the service:
ruby server.rb
```

# Usage
# Examples

**1. Build a File**

Build mode adds a `DOCTYPE` and inserts the XML Entity into the file of the users choice.

**2. String Replace in File**

String replacement mode goes through and looks for the symbol `§` in the document. The XML Entity ("&xxe;") replaces any instances of this symbol. Note, you can open the document in and insert `§` anywhere to have it replaced. The common use case would be a web application which reads in a `xlsx` and then prints the results to the screen. Exploiting the XXE it would be possible to have the contents printed to the screen.
See: https://github.com/BuffaloWill/oxml_xxe/wiki/python-docx
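Review bot: The README appears to lose its only in-repo description of the two modes here. The rendering has dropped the +/- markers, but the 12-to-6 line count in the hunk header suggests the "Build a File" and "String Replace in File" paragraphs are the removed lines, replaced by the `# Examples` heading and the single `See:` link. That link points to a wiki page named for python-docx, so a reader of the README no longer learns what Build mode does or that `§` is the placeholder String Replace looks for. Consider keeping a one-line summary of each mode under `# Examples` next to the link. If the old text is kept in any form, "users choice" should be "user's choice" and "open the document in and insert" is missing the name of the application. Separately, the commit message says a vulnerable example was added, but README.md is the only changed file; if the example lives in the repository rather than the wiki, the README should give its path.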
