xxe-phantom
OfficialDetect and exploit XXE vulnerabilities with precision.
AuthorRifteo
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill provides a comprehensive methodology for detecting and exploiting XML External Entity (XXE) vulnerabilities, empowering users to identify and leverage XXE flaws in their target systems.
Core Features & Use Cases
- XXE Detection: Triggered by XML content interaction, enabling the identification of XXE vulnerabilities.
- File Read: Facilitates the reading of local files for local file disclosure and SSRF chaining.
- Blind OOB Exfiltration: Enables silent data exfiltration without direct server response.
- WAF Bypass: Offers techniques to bypass Web Application Firewalls.
- Use Case: If you suspect an XXE vulnerability in a web application, use this Skill to confirm its presence and exploit it to gain sensitive information.
Quick Start
Use the xxe-phantom skill to trigger an XXE on the target server by sending a request with the following XML payload to the endpoint /api/xml:
<?xml version="1.0"?>
<!DOCTYPE root [
<!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<root><data>&xxe;</data></root>
Dependency Matrix
Required Modules
None requiredComponents
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: xxe-phantom Download link: https://github.com/Rifteo/skills/archive/main.zip#xxe-phantom Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.