This repository has been archived by the owner on Aug 7, 2020. It is now read-only.
XMLmao
Daniel Crowley <[email protected]>
http://www.trustwave.com

INTRODUCTION
============

***WARNING: XMLmao IS INTENTIONALLY VULNERABLE.
DO NOT USE ON A PRODUCTION WEB SERVER. DO NOT
EXPOSE XMLmao IN AN UNTRUSTED ENVIRONMENT.***

XMLmao is a configurable XML/XPath/XSL injection testbed. XMLmao lets
you exploit XML/XPath injection flaws and also gives you a large amount
of control over how those flaws manifest.

XMLmao is based on the idea of SQLol, an earlier release that
allows for SQL injection exploitation.

Greetz to the folks at n|u http://null.co.in for giving me the motivation
to code this tool.

REQUIREMENTS
============

PHP 5.x
XSLT PHP module (libxslt)
Web server

USAGE
=====

Place the XMLmao source files on your Web server and
open in a Web browser.

COPYRIGHT
=========

XMLmao - A configurable XML/XPath injection testbed
Daniel "unicornFurnace" Crowley
Copyright (C) 2014 Trustwave Holdings, Inc.

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>