This tool is meant to help test XXE vulnerabilities in OXML document file formats. Currently supported:

• DOCX/XLSX/PPTX
• ODT/ODG/ODP/ODS
• SVG
• XML

BH USA 2015 Presentation: Exploiting XXE in File Upload Functionality (Slides) (Recorded Webcast)

Blog Posts on the topic:

• Exploiting XXE Vulnerabilities in OXML Documents
• Exploiting CVE-2016-4264 With OXML_XXE

OXML_XXE was re-written in Ruby using Sinatra, Bootstrap, and Slim.

1. Run docker build --tag oxml_xxe .
2. Run docker run --name oxml_xxe -p 4567:4567 --rm oxml_xxe
3. Browse to http://localhost:4567/ to get started.

1. Run docker-compose up
2. Browse to http://localhost:4567/ to get started.

Install dependencies:

apt-get install -y make git libsqlite3-dev libxslt-dev libxml2-dev zlib1g-dev gcc ruby2.7 

Bundle install:

gem install bundler
bundle install

Start the service:

ruby server.rb

1. Build a File

Build mode adds a DOCTYPE and inserts the XML Entity into the file of the users choice.

2. String Replace in File

String replacement mode goes through and looks for the symbol § in the document. The XML Entity ("&xxe;") replaces any instances of this symbol. Note, you can open the document in and insert § anywhere to have it replaced. The common use case would be a web application which reads in a xlsx and then prints the results to the screen. Exploiting the XXE it would be possible to have the contents printed to the screen.