oxml_xxe

This tool is meant to help test XXE vulnerabilities in OXML document file formats. Currently supported:

DOCX/XLSX/PPTX
ODT/ODG/ODP/ODS
SVG
XML

BH USA 2015 Presentation: Exploiting XXE in File Upload Functionality (Slides) (Recorded Webcast)

Blog Posts on the topic:

Installation

OXML_XXE was written in Ruby using Sinatra, Bootstrap, and Slim.

Docker

Run docker build --tag oxml_xxe .
Run docker run --name oxml_xxe -p 4567:4567 --rm oxml_xxe
Browse to http://localhost:4567/ to get started.

Docker Compose

Run docker-compose up --build
Browse to http://localhost:4567/ to get started.

Ubuntu

Install dependencies:

apt-get install -y make git libsqlite3-dev libxslt-dev libxml2-dev zlib1g-dev gcc ruby3.2 g++

Bundle install:

gem install bundler
bundle install

Start the service:

ruby server.rb

Examples

See: https://github.com/BuffaloWill/oxml_xxe/wiki/python-docx

Name		Name	Last commit message	Last commit date
Latest commit History 108 Commits
db		db
lib		lib
output		output
public		public
samples		samples
test		test
views		views
.gitignore		.gitignore
Dockerfile		Dockerfile
Gemfile		Gemfile
Gemfile.lock		Gemfile.lock
README.md		README.md
docker-compose.yml		docker-compose.yml
payloads.yaml		payloads.yaml
server.rb		server.rb

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

oxml_xxe

Installation

Docker

Docker Compose

Ubuntu

Examples

About

Releases

Packages

Contributors 8

Languages

BuffaloWill/oxml_xxe

Folders and files

Latest commit

History

Repository files navigation

oxml_xxe

Installation

Docker

Docker Compose

Ubuntu

Examples

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Contributors 8

Languages

Packages