XMLmao - XSLT Injection
|
XPath Injection
||
XML Injection
||
XSL Injection
||
Challenges
|
Input Sanitization:
Criteria for manipulating, escaping, or rejecting attack strings
Double-up Single Quotes:
Sanitization Level:
No sanitization
Accept Only Whitelisted Items
Case-Sensitively Reject Blacklisted Items
Case-Insensitively Reject Blacklisted Items
Backslash-Escape Blacklisted Items
Case-Sensitively Remove Blacklisted Items
Case-Insensitively Remove Blacklisted Items
Case-Insensitively and Repetitively Remove Blacklisted Items
Pattern matching style
Keywords
Regexes
Enter comma-separated keywords or regexes
to whitelist or blacklist below.
Sanitization Parameters:
Environmental Settings:
Simulate transient application issues
Random Failure?
Random Time Delay?
Output Level:
Configure the verbosity of output received
Output Results:
All results
One result
Boolean (result vs no result)
No results
Error Verbosity:
Verbose error messages
Generic error messages
No error messages
Show payload in context?:
Injection Parameters:
Enter your attack string and point of injection
Injection String:
XSL processor options:
XSL processor specific options
Enable PHP functions?
Injection Location:
Static content in output
Name of field to retrieve from XML
Custom XSL document (*INJECT* specifies injection point):
|
SQLol
||
XMLmao
||
ShelLOL
||
XSSmh
||
CryptOMG
||
RFIdk
||
PHPwn
|