A tool for embedding XXE/XML exploits into different filetypes
This tool is meant to help test XXE vulnerabilities in OXML document file formats. Currently supported:
BH USA 2015 Presentation: Exploiting XXE in File Upload Functionality (Slides) (Recorded Webcast)
Blog Posts on the topic:
OXML_XXE was written in Ruby using Sinatra, Bootstrap, and Slim.
docker build --tag oxml_xxe .
docker run --name oxml_xxe -p 4567:4567 --rm oxml_xxe
docker-compose up --build
Install dependencies:
apt-get install -y make git libsqlite3-dev libxslt-dev libxml2-dev zlib1g-dev gcc ruby3.2 g++
Bundle install:
gem install bundler
bundle install
Start the service:
ruby server.rb
See: https://github.com/BuffaloWill/oxml_xxe/wiki/python-docx