xxe-phantom

Official

Detect and exploit XXE vulnerabilities with precision.

AuthorRifteo
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill provides a comprehensive methodology for detecting and exploiting XML External Entity (XXE) vulnerabilities, empowering users to identify and leverage XXE flaws in their target systems.

Core Features & Use Cases

  • XXE Detection: Triggered by XML content interaction, enabling the identification of XXE vulnerabilities.
  • File Read: Facilitates the reading of local files for local file disclosure and SSRF chaining.
  • Blind OOB Exfiltration: Enables silent data exfiltration without direct server response.
  • WAF Bypass: Offers techniques to bypass Web Application Firewalls.
  • Use Case: If you suspect an XXE vulnerability in a web application, use this Skill to confirm its presence and exploit it to gain sensitive information.

Quick Start

Use the xxe-phantom skill to trigger an XXE on the target server by sending a request with the following XML payload to the endpoint /api/xml:

<?xml version="1.0"?>
<!DOCTYPE root [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<root><data>&xxe;</data></root>

Dependency Matrix

Required Modules

None required

Components

scriptsreferences

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: xxe-phantom
Download link: https://github.com/Rifteo/skills/archive/main.zip#xxe-phantom

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.