XXEinjector is a Ruby-based XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications and the brute forcing method needs to be used for other applications.
Usage of XXEinjector XXE Injection Tool
XXEinjector actually has a LOT of options, so do have a look through to see how you can best leverage this type of attack. Obviously Ruby is a prequisite to run the tool.
Laisser un commentaire
Participez-vous à la discussion?N'hésitez pas à contribuer!