GitHub - jbarone/xxelab: A simple web app with a XXE vulnerability.
Skip to content

jbarone/xxelab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
penlab
penlab
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Vagrantfile
Vagrantfile
 
 
httpd-foreground
httpd-foreground
 
 
xxe_shell.py
xxe_shell.py
 
 

Repository files navigation

XXE Lab

This virtual environment is a simple php web application that contains an example of an XML eXternal Entity vulnerability.

Setting Up

This lab is designed to be used in vagrant. To get setup, first you need to clone this repo and then start vagrant.

$ git clone https://github.com/jbarone/xxelab.git
$ cd xxelab
$ vagrant up

Using

Once the site is up and running you simple navigate your browser to http://192.168.33.10 and have fun.

Docker

You can now run XXELab in a Docker container. Build the image:

$ git clone https://github.com/jbarone/xxelab.git
$ cd xxelab
$ docker build -t xxelab .

Run:

$ docker run -it --rm -p 127.0.0.1:5000:80 xxelab

Open http://localhost:5000 and have fun.

Notes

This lab works best when you make use of a proxy that will allow you to see the requests and responses. There are many you can use, but here are a few recommended ones:

About

A simple web app with a XXE vulnerability.

Resources

Readme

License

MIT license
Activity

Stars

225 stars

Watchers

6 watching

Forks

63 forks
Report repository

Releases 1

v1.0 Latest
Jan 27, 2016

Packages

No packages published

Languages