xxe
OfficialExploit XXE injection vulnerabilities.
Software Engineering#penetration testing#ssrf#xxe#xml injection#vulnerability exploitation#file disclosure
Authorblacklanternsecurity
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps penetration testers identify and exploit XML External Entity (XXE) injection vulnerabilities in web applications, allowing for file disclosure, server-side request forgery, and potential remote code execution.
Core Features & Use Cases
- XXE Detection: Probes for XXE vulnerabilities by testing entity resolution.
- File Disclosure: Reads sensitive files from the server (e.g.,
/etc/passwd). - SSRF: Leverages XXE to make requests to internal or external resources.
- Blind XXE: Handles scenarios where responses are not reflected, using out-of-band techniques.
- File Upload Exploitation: Exploits XXE in file upload formats like SVG, DOCX, and XLSX.
Quick Start
Use the xxe skill to attempt reading the '/etc/passwd' file from the target.
Dependency Matrix
Required Modules
None requiredComponents
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: xxe Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#xxe Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.