Skip to content

BuffaloWill/oxml_xxe

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

106 Commits

db

db

 
 

lib

lib

 
 

output

output

 
 

public

public

 
 

samples

samples

 
 

test

test

 
 

views

views

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

Gemfile

Gemfile

 
 

Gemfile.lock

Gemfile.lock

 
 

README.md

README.md

 
 

docker-compose.yml

docker-compose.yml

 
 

payloads.yaml

payloads.yaml

 
 

server.rb

server.rb

 
 

Repository files navigation

oxml_xxe

This tool is meant to help test XXE vulnerabilities in OXML document file formats. Currently supported:

  • DOCX/XLSX/PPTX
  • ODT/ODG/ODP/ODS
  • SVG
  • XML

BH USA 2015 Presentation: Exploiting XXE in File Upload Functionality (Slides) (Recorded Webcast)

Blog Posts on the topic:

Installation

OXML_XXE was written in Ruby using Sinatra, Bootstrap, and Slim.

Docker

  1. Run docker build --tag oxml_xxe .
  2. Run docker run --name oxml_xxe -p 4567:4567 --rm oxml_xxe
  3. Browse to http://localhost:4567/ to get started.

Docker Compose

  1. Run docker-compose up --build
  2. Browse to http://localhost:4567/ to get started.

Ubuntu

Install dependencies:

apt-get install -y make git libsqlite3-dev libxslt-dev libxml2-dev zlib1g-dev gcc ruby3.2 g++

Bundle install:

gem install bundler
bundle install

Start the service:

ruby server.rb

Examples

See: https://github.com/BuffaloWill/oxml_xxe/wiki/python-docx

About

A tool for embedding XXE/XML exploits into different filetypes

Resources

Readme
Activity

Stars

1k stars

Watchers

32 watching

Forks

248 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 7

Languages