oxml_xxe

oxml_xxe : A tool for embedding XXE exploits into oxml documents.

oxml_xxe : This tool is meant to help test XXE vulnerabilities in OXML document formats.

Latest Change : oxml_xxe.rb : pdf/gif poc code
Support ffice Open XML (OpenXML; OOXML; OXML)
+ *.docx, *.pptx, *.xlsx
+ “Open” File Format developed by Microsoft
+ Available for Office 2003, Default in Office 2007
+ ZIP archive containing XML and media files.

oxml_xxe

oxml_xxe

Open XML Formats File Container

Open XML Formats File Container

+OXML_XXE:
+ XSS Testing
+ LFI; Relationship Id=”rId1″ Type=”…relationships/officeDocument” Target=”/word/document.xml”

+OXML Features;
— hlinkHover
— XSLTransform
— Embedded “Documents”
— SSRF

+Testing Cheatsheet
— Classic (X)XE in OXML
— Canary Testing DTD and XE
— XSS XE testing (CDATA/plain/attr)
— XE LFI
— Embedded (X)XE attacks
— SSRF (X)XE
— “Save As” Document Conversion

Download from git:

Source : https://github.com/BuffaloWill | Update in 2016 here: http://seclist.us/oxml_xxe-a-tool-for-embedding-xxexml-exploits-into-different-filetypes.html