├── .gitattributes
├── .gitignore
├── Csharp_xxe
    ├── .vs
    │   ├── Csharp_xxe
    │   │   └── v14
    │   │   │   └── .suo
    │   └── config
    │   │   └── applicationhost.config
    ├── Csharp_xxe.sln
    └── Csharp_xxe
    │   ├── App_Start
    │       ├── FilterConfig.cs
    │       └── RouteConfig.cs
    │   ├── ApplicationInsights.config
    │   ├── Controllers
    │       └── LoginController.cs
    │   ├── Csharp_xxe.csproj
    │   ├── Global.asax
    │   ├── Global.asax.cs
    │   ├── Startup.cs
    │   ├── Views
    │       ├── Login
    │       │   └── Index.cshtml
    │       ├── Shared
    │       │   └── _Layout.cshtml
    │       ├── Web.config
    │       └── _ViewStart.cshtml
    │   ├── Web.config
    │   ├── css
    │       ├── bootstrap.min.css
    │       ├── demo.css
    │       ├── font.css
    │       ├── icon.css
    │       └── material-bootstrap-wizard.css
    │   ├── img
    │       ├── Csharp_logo.png
    │       └── favicon.png
    │   ├── js
    │       ├── bootstrap.min.js
    │       ├── jquery-2.2.4.min.js
    │       ├── jquery.bootstrap.js
    │       ├── jquery.validate.min.js
    │       └── material-bootstrap-wizard.js
    │   └── packages.config
├── LICENSE
├── README.md
├── doc
    ├── Csharp_xxe.png
    ├── XXE-LAB.png
    ├── java_xxe.png
    ├── php_xxe.png
    ├── php_xxe_demo.gif
    └── python_xxe.png
├── java_xxe
    ├── .classpath
    ├── .project
    ├── WebContent
    │   ├── META-INF
    │   │   └── MANIFEST.MF
    │   ├── WEB-INF
    │   │   └── web.xml
    │   ├── css
    │   │   ├── bootstrap.min.css
    │   │   ├── demo.css
    │   │   ├── font.css
    │   │   ├── icon.css
    │   │   └── material-bootstrap-wizard.css
    │   ├── img
    │   │   ├── favicon.png
    │   │   └── java_logo.png
    │   ├── index.html
    │   └── js
    │   │   ├── bootstrap.min.js
    │   │   ├── jquery-2.2.4.min.js
    │   │   ├── jquery.bootstrap.js
    │   │   ├── jquery.validate.min.js
    │   │   └── material-bootstrap-wizard.js
    └── src
    │   └── me
    │       └── gv7
    │           └── xxe
    │               └── LoginServlet.java
├── php_xxe
    ├── css
    │   ├── bootstrap.min.css
    │   ├── demo.css
    │   ├── font.css
    │   ├── icon.css
    │   └── material-bootstrap-wizard.css
    ├── doLogin.php
    ├── img
    │   ├── favicon.png
    │   └── php_logo.png
    ├── index.html
    └── js
    │   ├── bootstrap.min.js
    │   ├── jquery-2.2.4.min.js
    │   ├── jquery.bootstrap.js
    │   ├── jquery.validate.min.js
    │   └── material-bootstrap-wizard.js
└── python_xxe
    ├── static
        ├── css
        │   ├── bootstrap.min.css
        │   ├── demo.css
        │   ├── font.css
        │   ├── icon.css
        │   └── material-bootstrap-wizard.css
        ├── img
        │   ├── favicon.png
        │   └── python_logo.png
        └── js
        │   ├── bootstrap.min.js
        │   ├── jquery-2.2.4.min.js
        │   ├── jquery.bootstrap.js
        │   ├── jquery.validate.min.js
        │   └── material-bootstrap-wizard.js
    ├── templates
        └── index.html
    └── xxe.py


/.gitattributes:
--------------------------------------------------------------------------------
1 | *.js linguist-language=Python
2 | *.css linguist-language=Python
3 | *.html linguist-language=Python
4 | *.php linguist-language=Python
5 | *.java linguist-language=Python
6 | *.cs linguist-language=Python


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | # Byte-compiled / optimized / DLL files
  2 | __pycache__/
  3 | *.py[cod]
  4 | *$py.class
  5 | 
  6 | # C extensions
  7 | *.so
  8 | 
  9 | # Distribution / packaging
 10 | .Python
 11 | env/
 12 | build/
 13 | develop-eggs/
 14 | dist/
 15 | downloads/
 16 | eggs/
 17 | .eggs/
 18 | lib/
 19 | lib64/
 20 | parts/
 21 | sdist/
 22 | var/
 23 | wheels/
 24 | *.egg-info/
 25 | .installed.cfg
 26 | *.egg
 27 | 
 28 | # PyInstaller
 29 | #  Usually these files are written by a python script from a template
 30 | #  before PyInstaller builds the exe, so as to inject date/other infos into it.
 31 | *.manifest
 32 | *.spec
 33 | 
 34 | # Installer logs
 35 | pip-log.txt
 36 | pip-delete-this-directory.txt
 37 | 
 38 | # Unit test / coverage reports
 39 | htmlcov/
 40 | .tox/
 41 | .coverage
 42 | .coverage.*
 43 | .cache
 44 | nosetests.xml
 45 | coverage.xml
 46 | *.cover
 47 | .hypothesis/
 48 | 
 49 | # Translations
 50 | *.mo
 51 | *.pot
 52 | 
 53 | # Django stuff:
 54 | *.log
 55 | local_settings.py
 56 | 
 57 | # Flask stuff:
 58 | instance/
 59 | .webassets-cache
 60 | 
 61 | # Scrapy stuff:
 62 | .scrapy
 63 | 
 64 | # Sphinx documentation
 65 | docs/_build/
 66 | 
 67 | # PyBuilder
 68 | target/
 69 | 
 70 | # Jupyter Notebook
 71 | .ipynb_checkpoints
 72 | 
 73 | # pyenv
 74 | .python-version
 75 | 
 76 | # celery beat schedule file
 77 | celerybeat-schedule
 78 | 
 79 | # SageMath parsed files
 80 | *.sage.py
 81 | 
 82 | # dotenv
 83 | .env
 84 | 
 85 | # virtualenv
 86 | .venv
 87 | venv/
 88 | ENV/
 89 | 
 90 | # Spyder project settings
 91 | .spyderproject
 92 | .spyproject
 93 | 
 94 | # Rope project settings
 95 | .ropeproject
 96 | 
 97 | # mkdocs documentation
 98 | /site
 99 | 
100 | # mypy
101 | .mypy_cache/
102 | 


--------------------------------------------------------------------------------
/Csharp_xxe/.vs/Csharp_xxe/v14/.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/xxe-lab/49e7f8e73092a32404dea0a2bd4bd099662a12bd/Csharp_xxe/.vs/Csharp_xxe/v14/.suo


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 14
 4 | VisualStudioVersion = 14.0.25420.1
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Csharp_xxe", "Csharp_xxe\Csharp_xxe.csproj", "{D9791C2A-6A0E-445A-B41C-8E11ADD522A1}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|Any CPU = Debug|Any CPU
11 | 		Release|Any CPU = Release|Any CPU
12 | 	EndGlobalSection
13 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | 		{D9791C2A-6A0E-445A-B41C-8E11ADD522A1}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | 		{D9791C2A-6A0E-445A-B41C-8E11ADD522A1}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | 		{D9791C2A-6A0E-445A-B41C-8E11ADD522A1}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | 		{D9791C2A-6A0E-445A-B41C-8E11ADD522A1}.Release|Any CPU.Build.0 = Release|Any CPU
18 | 	EndGlobalSection
19 | 	GlobalSection(SolutionProperties) = preSolution
20 | 		HideSolutionNode = FALSE
21 | 	EndGlobalSection
22 | EndGlobal
23 | 


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/App_Start/FilterConfig.cs:
--------------------------------------------------------------------------------
 1 | using System.Web;
 2 | using System.Web.Mvc;
 3 | 
 4 | namespace Csharp_xxe
 5 | {
 6 |     public class FilterConfig
 7 |     {
 8 |         public static void RegisterGlobalFilters(GlobalFilterCollection filters)
 9 |         {
10 |             filters.Add(new HandleErrorAttribute());
11 |         }
12 |     }
13 | }
14 | 


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/App_Start/RouteConfig.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.Collections.Generic;
 3 | using System.Linq;
 4 | using System.Web;
 5 | using System.Web.Mvc;
 6 | using System.Web.Routing;
 7 | 
 8 | namespace Csharp_xxe
 9 | {
10 |     public class RouteConfig
11 |     {
12 |         public static void RegisterRoutes(RouteCollection routes)
13 |         {
14 |             routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
15 | 
16 |             routes.MapRoute(
17 |                 name: "Default",
18 |                 url: "{controller}/{action}/{id}",
19 |                 defaults: new { controller = "Login", action = "Index", id = UrlParameter.Optional }
20 |             );
21 |         }
22 |     }
23 | }
24 | 


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/ApplicationInsights.config:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <ApplicationInsights xmlns="http://schemas.microsoft.com/ApplicationInsights/2013/Settings">
 3 | 	<TelemetryModules>
 4 | 		<Add Type="Microsoft.ApplicationInsights.DependencyCollector.DependencyTrackingTelemetryModule, Microsoft.AI.DependencyCollector"/>
 5 | 		<Add Type="Microsoft.ApplicationInsights.Extensibility.PerfCounterCollector.PerformanceCollectorModule, Microsoft.AI.PerfCounterCollector">
 6 | 			<!--
 7 |       Use the following syntax here to collect additional performance counters:
 8 |       
 9 |       <Counters>
10 |         <Add PerformanceCounter="\Process(??APP_WIN32_PROC??)\Handle Count" ReportAs="Process handle count" />
11 |         ...
12 |       </Counters>
13 |       
14 |       PerformanceCounter must be either \CategoryName(InstanceName)\CounterName or \CategoryName\CounterName
15 |       
16 |       Counter names may only contain letters, round brackets, forward slashes, hyphens, underscores, spaces and dots.
17 |       You may provide an optional ReportAs attribute which will be used as the metric name when reporting counter data.
18 |       For the purposes of reporting, metric names will be sanitized by removing all invalid characters from the resulting metric name.
19 |       
20 |       NOTE: performance counters configuration will be lost upon NuGet upgrade.
21 |       
22 |       The following placeholders are supported as InstanceName:
23 |         ??APP_WIN32_PROC?? - instance name of the application process  for Win32 counters.
24 |         ??APP_W3SVC_PROC?? - instance name of the application IIS worker process for IIS/ASP.NET counters.
25 |         ??APP_CLR_PROC?? - instance name of the application CLR process for .NET counters.
26 |       -->
27 | 		</Add>
28 | 		<Add Type="Microsoft.ApplicationInsights.WindowsServer.DeveloperModeWithDebuggerAttachedTelemetryModule, Microsoft.AI.WindowsServer"/>
29 | 		<Add Type="Microsoft.ApplicationInsights.WindowsServer.UnhandledExceptionTelemetryModule, Microsoft.AI.WindowsServer"/>
30 | 		<Add Type="Microsoft.ApplicationInsights.WindowsServer.UnobservedExceptionTelemetryModule, Microsoft.AI.WindowsServer"/>
31 | 		<Add Type="Microsoft.ApplicationInsights.Web.RequestTrackingTelemetryModule, Microsoft.AI.Web">
32 | 			<Handlers>
33 | 				<!-- 
34 |         Add entries here to filter out additional handlers: 
35 |         
36 |         NOTE: handler configuration will be lost upon NuGet upgrade.
37 |         -->
38 | 				<Add>System.Web.Handlers.TransferRequestHandler</Add>
39 | 				<Add>Microsoft.VisualStudio.Web.PageInspector.Runtime.Tracing.RequestDataHttpHandler</Add>
40 | 				<Add>System.Web.StaticFileHandler</Add>
41 | 				<Add>System.Web.Handlers.AssemblyResourceLoader</Add>
42 | 				<Add>System.Web.Optimization.BundleHandler</Add>
43 | 				<Add>System.Web.Script.Services.ScriptHandlerFactory</Add>
44 | 				<Add>System.Web.Handlers.TraceHandler</Add>
45 | 				<Add>System.Web.Services.Discovery.DiscoveryRequestHandler</Add>
46 | 				<Add>System.Web.HttpDebugHandler</Add>
47 | 			</Handlers>
48 | 		</Add>
49 | 		<Add Type="Microsoft.ApplicationInsights.Web.ExceptionTrackingTelemetryModule, Microsoft.AI.Web"/>
50 | 	</TelemetryModules>
51 | 	<TelemetryChannel Type="Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel.ServerTelemetryChannel, Microsoft.AI.ServerTelemetryChannel"/>
52 | 	<TelemetryProcessors>
53 | 		<Add Type="Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel.AdaptiveSamplingTelemetryProcessor, Microsoft.AI.ServerTelemetryChannel">
54 | 			<MaxTelemetryItemsPerSecond>5</MaxTelemetryItemsPerSecond>
55 | 		</Add>
56 | 	</TelemetryProcessors>
57 | <!-- 
58 |     Learn more about Application Insights configuration with ApplicationInsights.config here: 
59 |     http://go.microsoft.com/fwlink/?LinkID=513840
60 |     
61 |     Note: If not present, please add <InstrumentationKey>Your Key</InstrumentationKey> to the top of this file.
62 |   -->
63 | <TelemetryInitializers>
64 | <Add Type="Microsoft.ApplicationInsights.WindowsServer.AzureRoleEnvironmentTelemetryInitializer, Microsoft.AI.WindowsServer"/>
65 | <Add Type="Microsoft.ApplicationInsights.WindowsServer.DomainNameRoleInstanceTelemetryInitializer, Microsoft.AI.WindowsServer"/>
66 | <Add Type="Microsoft.ApplicationInsights.WindowsServer.BuildInfoConfigComponentVersionTelemetryInitializer, Microsoft.AI.WindowsServer"/>
67 | <Add Type="Microsoft.ApplicationInsights.Web.WebTestTelemetryInitializer, Microsoft.AI.Web"/>
68 | <Add Type="Microsoft.ApplicationInsights.Web.SyntheticUserAgentTelemetryInitializer, Microsoft.AI.Web">
69 | <Filters>
70 | <Add Pattern="(YottaaMonitor|BrowserMob|HttpMonitor|YandexBot|BingPreview|PagePeeker|ThumbShotsBot|WebThumb|URL2PNG|ZooShot|GomezA|Catchpoint bot|Willow Internet Crawler|Google SketchUp|Read%20Later|KTXN|Pingdom|AlwaysOn)"/>
71 | <Add Pattern="Slurp" SourceName="Yahoo Bot"/>
72 | <Add Pattern="(bot|zao|borg|Bot|oegp|silk|Xenu|zeal|^NING|crawl|Crawl|htdig|lycos|slurp|teoma|voila|yahoo|Sogou|CiBra|Nutch|^Java/|^JNLP/|Daumoa|Genieo|ichiro|larbin|pompos|Scrapy|snappy|speedy|spider|Spider|vortex|favicon|indexer|Riddler|scooter|scraper|scrubby|WhatWeb|WinHTTP|^voyager|archiver|Icarus6j|mogimogi|Netvibes|altavista|charlotte|findlinks|Retreiver|TLSProber|WordPress|wsr\-agent|Squrl Java|A6\-Indexer|netresearch|searchsight|http%20client|Python-urllib|dataparksearch|Screaming Frog|AppEngine-Google|YahooCacheSystem|semanticdiscovery|facebookexternalhit|Google.*/\+/web/snippet|Google-HTTP-Java-Client)"
73 | SourceName="Spider"/>
74 | </Filters>
75 | </Add>
76 | <Add Type="Microsoft.ApplicationInsights.Web.ClientIpHeaderTelemetryInitializer, Microsoft.AI.Web"/>
77 | <Add Type="Microsoft.ApplicationInsights.Web.OperationNameTelemetryInitializer, Microsoft.AI.Web"/>
78 | <Add Type="Microsoft.ApplicationInsights.Web.OperationCorrelationTelemetryInitializer, Microsoft.AI.Web"/>
79 | <Add Type="Microsoft.ApplicationInsights.Web.UserTelemetryInitializer, Microsoft.AI.Web"/>
80 | <Add Type="Microsoft.ApplicationInsights.Web.AuthenticatedUserIdTelemetryInitializer, Microsoft.AI.Web"/>
81 | <Add Type="Microsoft.ApplicationInsights.Web.AccountIdTelemetryInitializer, Microsoft.AI.Web"/>
82 | <Add Type="Microsoft.ApplicationInsights.Web.SessionTelemetryInitializer, Microsoft.AI.Web"/>
83 | </TelemetryInitializers>
84 | </ApplicationInsights>


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/Controllers/LoginController.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.Collections.Generic;
 3 | using System.IO;
 4 | using System.Linq;
 5 | using System.Web;
 6 | using System.Web.Mvc;
 7 | using System.Xml;
 8 | 
 9 | namespace Csharp_xxe.Controllers
10 | {
11 |     public class LoginController : Controller
12 |     {
13 |         private static string USERNAME = "admin";
14 |         private static string PASSWORD = "admin";
15 | 
16 |         // GET: Login
17 |         public ActionResult Index()
18 |         {
19 |             return View();
20 |         }
21 | 
22 |         public void doLogin()
23 |         {
24 |             string result = String.Format("<result><code>{0}</code><msg>{1}</msg></result>",null,null);
25 |             if (Request.RequestType == "POST")
26 |             {
27 |                 try
28 |                 {
29 |                     //接收并读取POST过来的XML文件流
30 |                     StreamReader reader = new StreamReader(Request.InputStream);
31 |                     String xmlData = reader.ReadToEnd();
32 |                     var doc = new XmlDocument();
33 |                     doc.LoadXml(xmlData);
34 |                     XmlElement xRoot = doc.DocumentElement;
35 | 
36 |                     XmlNode uNode = xRoot.GetElementsByTagName("username")[0];
37 |                     XmlNode pNode = xRoot.GetElementsByTagName("password")[0];
38 | 
39 |                     string username = uNode.InnerText;
40 |                     string password = pNode.InnerText;
41 | 
42 |                     if (username.Equals(USERNAME) && password.Equals(PASSWORD))
43 |                     {
44 |                         result = String.Format("<result><code>{0}</code><msg>{1}</msg></result>", 1, username);
45 |                     }
46 |                     else
47 |                     {
48 |                         result = String.Format("<result><code>{0}</code><msg>{1}</msg></result>", 0, username);
49 |                     }
50 |                 }
51 |                 catch (ArgumentException e1)
52 |                 {
53 |                     result = String.Format("<result><code>{0}</code><msg>{1}</msg></result>", 3, e1);
54 |                 }
55 |                 catch (XmlException e2)
56 |                 {
57 |                     result = String.Format("<result><code>{0}</code><msg>{1}</msg></result>", 3, e2);
58 |                 }
59 |                 finally
60 |                 {
61 |                     Response.ContentType = "text/xml; charset=utf-8";
62 |                     Response.Write(result);
63 |                 }
64 | 
65 |             }
66 |         }
67 |     }
68 | }


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/Csharp_xxe.csproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <Import Project="..\packages\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.1.0.0\build\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.props" Condition="Exists('..\packages\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.1.0.0\build\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.props')" />
  4 |   <Import Project="..\packages\Microsoft.Net.Compilers.1.0.0\build\Microsoft.Net.Compilers.props" Condition="Exists('..\packages\Microsoft.Net.Compilers.1.0.0\build\Microsoft.Net.Compilers.props')" />
  5 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
  6 |   <PropertyGroup>
  7 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
  8 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
  9 |     <ProductVersion>
 10 |     </ProductVersion>
 11 |     <SchemaVersion>2.0</SchemaVersion>
 12 |     <ProjectGuid>{D9791C2A-6A0E-445A-B41C-8E11ADD522A1}</ProjectGuid>
 13 |     <ProjectTypeGuids>{349c5851-65df-11da-9384-00065b846f21};{fae04ec0-301f-11d3-bf4b-00c04f79efbc}</ProjectTypeGuids>
 14 |     <OutputType>Library</OutputType>
 15 |     <AppDesignerFolder>Properties</AppDesignerFolder>
 16 |     <RootNamespace>Csharp_xxe</RootNamespace>
 17 |     <AssemblyName>Csharp_xxe</AssemblyName>
 18 |     <TargetFrameworkVersion>v4.5.2</TargetFrameworkVersion>
 19 |     <MvcBuildViews>false</MvcBuildViews>
 20 |     <UseIISExpress>true</UseIISExpress>
 21 |     <IISExpressSSLPort />
 22 |     <IISExpressAnonymousAuthentication />
 23 |     <IISExpressWindowsAuthentication />
 24 |     <IISExpressUseClassicPipelineMode />
 25 |     <UseGlobalApplicationHostFile />
 26 |     <NuGetPackageImportStamp>
 27 |     </NuGetPackageImportStamp>
 28 |   </PropertyGroup>
 29 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
 30 |     <DebugSymbols>true</DebugSymbols>
 31 |     <DebugType>full</DebugType>
 32 |     <Optimize>false</Optimize>
 33 |     <OutputPath>bin\</OutputPath>
 34 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
 35 |     <ErrorReport>prompt</ErrorReport>
 36 |     <WarningLevel>4</WarningLevel>
 37 |   </PropertyGroup>
 38 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
 39 |     <DebugType>pdbonly</DebugType>
 40 |     <Optimize>true</Optimize>
 41 |     <OutputPath>bin\</OutputPath>
 42 |     <DefineConstants>TRACE</DefineConstants>
 43 |     <ErrorReport>prompt</ErrorReport>
 44 |     <WarningLevel>4</WarningLevel>
 45 |   </PropertyGroup>
 46 |   <ItemGroup>
 47 |     <Reference Include="Microsoft.AI.Agent.Intercept, Version=1.2.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
 48 |       <HintPath>..\packages\Microsoft.ApplicationInsights.Agent.Intercept.1.2.1\lib\net45\Microsoft.AI.Agent.Intercept.dll</HintPath>
 49 |       <Private>True</Private>
 50 |     </Reference>
 51 |     <Reference Include="Microsoft.AI.DependencyCollector, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
 52 |       <HintPath>..\packages\Microsoft.ApplicationInsights.DependencyCollector.2.0.0\lib\net45\Microsoft.AI.DependencyCollector.dll</HintPath>
 53 |       <Private>True</Private>
 54 |     </Reference>
 55 |     <Reference Include="Microsoft.AI.PerfCounterCollector, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
 56 |       <HintPath>..\packages\Microsoft.ApplicationInsights.PerfCounterCollector.2.0.0\lib\net45\Microsoft.AI.PerfCounterCollector.dll</HintPath>
 57 |       <Private>True</Private>
 58 |     </Reference>
 59 |     <Reference Include="Microsoft.AI.ServerTelemetryChannel, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
 60 |       <HintPath>..\packages\Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel.2.0.0\lib\net45\Microsoft.AI.ServerTelemetryChannel.dll</HintPath>
 61 |       <Private>True</Private>
 62 |     </Reference>
 63 |     <Reference Include="Microsoft.AI.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
 64 |       <HintPath>..\packages\Microsoft.ApplicationInsights.Web.2.0.0\lib\net45\Microsoft.AI.Web.dll</HintPath>
 65 |       <Private>True</Private>
 66 |     </Reference>
 67 |     <Reference Include="Microsoft.AI.WindowsServer, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
 68 |       <HintPath>..\packages\Microsoft.ApplicationInsights.WindowsServer.2.0.0\lib\net45\Microsoft.AI.WindowsServer.dll</HintPath>
 69 |       <Private>True</Private>
 70 |     </Reference>
 71 |     <Reference Include="Microsoft.ApplicationInsights, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
 72 |       <HintPath>..\packages\Microsoft.ApplicationInsights.2.0.0\lib\net45\Microsoft.ApplicationInsights.dll</HintPath>
 73 |       <Private>True</Private>
 74 |     </Reference>
 75 |     <Reference Include="Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
 76 |       <HintPath>..\packages\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.1.0.0\lib\net45\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.dll</HintPath>
 77 |       <Private>True</Private>
 78 |     </Reference>
 79 |     <Reference Include="Microsoft.CSharp" />
 80 |     <Reference Include="System" />
 81 |     <Reference Include="System.Data" />
 82 |     <Reference Include="System.Drawing" />
 83 |     <Reference Include="System.Web.DynamicData" />
 84 |     <Reference Include="System.Web.Entity" />
 85 |     <Reference Include="System.Web.ApplicationServices" />
 86 |     <Reference Include="System.ComponentModel.DataAnnotations" />
 87 |     <Reference Include="System.Core" />
 88 |     <Reference Include="System.Data.DataSetExtensions" />
 89 |     <Reference Include="System.Xml.Linq" />
 90 |     <Reference Include="System.Web" />
 91 |     <Reference Include="System.Web.Extensions" />
 92 |     <Reference Include="System.Web.Abstractions" />
 93 |     <Reference Include="System.Web.Routing" />
 94 |     <Reference Include="System.Xml" />
 95 |     <Reference Include="System.Configuration" />
 96 |     <Reference Include="System.Web.Services" />
 97 |     <Reference Include="System.EnterpriseServices" />
 98 |     <Reference Include="Microsoft.Web.Infrastructure, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
 99 |       <Private>True</Private>
100 |       <HintPath>..\packages\Microsoft.Web.Infrastructure.1.0.0.0\lib\net40\Microsoft.Web.Infrastructure.dll</HintPath>
101 |     </Reference>
102 |     <Reference Include="System.Net.Http">
103 |     </Reference>
104 |     <Reference Include="System.Net.Http.WebRequest">
105 |     </Reference>
106 |     <Reference Include="System.Web.Helpers, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
107 |       <Private>True</Private>
108 |       <HintPath>..\packages\Microsoft.AspNet.WebPages.3.2.3\lib\net45\System.Web.Helpers.dll</HintPath>
109 |     </Reference>
110 |     <Reference Include="System.Web.Mvc, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
111 |       <Private>True</Private>
112 |       <HintPath>..\packages\Microsoft.AspNet.Mvc.5.2.3\lib\net45\System.Web.Mvc.dll</HintPath>
113 |     </Reference>
114 |     <Reference Include="System.Web.Optimization">
115 |       <HintPath>..\packages\Microsoft.AspNet.Web.Optimization.1.1.3\lib\net40\System.Web.Optimization.dll</HintPath>
116 |     </Reference>
117 |     <Reference Include="System.Web.Razor, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
118 |       <Private>True</Private>
119 |       <HintPath>..\packages\Microsoft.AspNet.Razor.3.2.3\lib\net45\System.Web.Razor.dll</HintPath>
120 |     </Reference>
121 |     <Reference Include="System.Web.WebPages, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
122 |       <Private>True</Private>
123 |       <HintPath>..\packages\Microsoft.AspNet.WebPages.3.2.3\lib\net45\System.Web.WebPages.dll</HintPath>
124 |     </Reference>
125 |     <Reference Include="System.Web.WebPages.Deployment, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
126 |       <Private>True</Private>
127 |       <HintPath>..\packages\Microsoft.AspNet.WebPages.3.2.3\lib\net45\System.Web.WebPages.Deployment.dll</HintPath>
128 |     </Reference>
129 |     <Reference Include="System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
130 |       <Private>True</Private>
131 |       <HintPath>..\packages\Microsoft.AspNet.WebPages.3.2.3\lib\net45\System.Web.WebPages.Razor.dll</HintPath>
132 |     </Reference>
133 |     <Reference Include="WebGrease">
134 |       <Private>True</Private>
135 |       <HintPath>..\packages\WebGrease.1.5.2\lib\WebGrease.dll</HintPath>
136 |     </Reference>
137 |     <Reference Include="Antlr3.Runtime">
138 |       <Private>True</Private>
139 |       <HintPath>..\packages\Antlr.3.4.1.9004\lib\Antlr3.Runtime.dll</HintPath>
140 |     </Reference>
141 |   </ItemGroup>
142 |   <ItemGroup>
143 |     <Reference Include="Newtonsoft.Json">
144 |       <HintPath>..\packages\Newtonsoft.Json.6.0.4\lib\net45\Newtonsoft.Json.dll</HintPath>
145 |     </Reference>
146 |     <Reference Include="EntityFramework">
147 |       <HintPath>..\packages\EntityFramework.6.1.3\lib\net45\EntityFramework.dll</HintPath>
148 |     </Reference>
149 |     <Reference Include="EntityFramework.SqlServer">
150 |       <HintPath>..\packages\EntityFramework.6.1.3\lib\net45\EntityFramework.SqlServer.dll</HintPath>
151 |     </Reference>
152 |     <Reference Include="Microsoft.AspNet.Identity.Core">
153 |       <HintPath>..\packages\Microsoft.AspNet.Identity.Core.2.2.1\lib\net45\Microsoft.AspNet.Identity.Core.dll</HintPath>
154 |     </Reference>
155 |     <Reference Include="Microsoft.AspNet.Identity.Owin">
156 |       <HintPath>..\packages\Microsoft.AspNet.Identity.Owin.2.2.1\lib\net45\Microsoft.AspNet.Identity.Owin.dll</HintPath>
157 |     </Reference>
158 |     <Reference Include="Microsoft.AspNet.Identity.EntityFramework">
159 |       <HintPath>..\packages\Microsoft.AspNet.Identity.EntityFramework.2.2.1\lib\net45\Microsoft.AspNet.Identity.EntityFramework.dll</HintPath>
160 |     </Reference>
161 |     <Reference Include="Owin">
162 |       <HintPath>..\packages\Owin.1.0\lib\net40\Owin.dll</HintPath>
163 |     </Reference>
164 |     <Reference Include="Microsoft.Owin">
165 |       <HintPath>..\packages\Microsoft.Owin.3.0.1\lib\net45\Microsoft.Owin.dll</HintPath>
166 |     </Reference>
167 |     <Reference Include="Microsoft.Owin.Host.SystemWeb">
168 |       <HintPath>..\packages\Microsoft.Owin.Host.SystemWeb.3.0.1\lib\net45\Microsoft.Owin.Host.SystemWeb.dll</HintPath>
169 |     </Reference>
170 |     <Reference Include="Microsoft.Owin.Security">
171 |       <HintPath>..\packages\Microsoft.Owin.Security.3.0.1\lib\net45\Microsoft.Owin.Security.dll</HintPath>
172 |     </Reference>
173 |     <Reference Include="Microsoft.Owin.Security.Facebook">
174 |       <HintPath>..\packages\Microsoft.Owin.Security.Facebook.3.0.1\lib\net45\Microsoft.Owin.Security.Facebook.dll</HintPath>
175 |     </Reference>
176 |     <Reference Include="Microsoft.Owin.Security.Cookies">
177 |       <HintPath>..\packages\Microsoft.Owin.Security.Cookies.3.0.1\lib\net45\Microsoft.Owin.Security.Cookies.dll</HintPath>
178 |     </Reference>
179 |     <Reference Include="Microsoft.Owin.Security.OAuth">
180 |       <HintPath>..\packages\Microsoft.Owin.Security.OAuth.3.0.1\lib\net45\Microsoft.Owin.Security.OAuth.dll</HintPath>
181 |     </Reference>
182 |     <Reference Include="Microsoft.Owin.Security.Google">
183 |       <HintPath>..\packages\Microsoft.Owin.Security.Google.3.0.1\lib\net45\Microsoft.Owin.Security.Google.dll</HintPath>
184 |     </Reference>
185 |     <Reference Include="Microsoft.Owin.Security.Twitter">
186 |       <HintPath>..\packages\Microsoft.Owin.Security.Twitter.3.0.1\lib\net45\Microsoft.Owin.Security.Twitter.dll</HintPath>
187 |     </Reference>
188 |     <Reference Include="Microsoft.Owin.Security.MicrosoftAccount">
189 |       <HintPath>..\packages\Microsoft.Owin.Security.MicrosoftAccount.3.0.1\lib\net45\Microsoft.Owin.Security.MicrosoftAccount.dll</HintPath>
190 |     </Reference>
191 |   </ItemGroup>
192 |   <ItemGroup>
193 |     <Compile Include="App_Start\RouteConfig.cs" />
194 |     <Compile Include="Controllers\LoginController.cs" />
195 |     <Compile Include="Global.asax.cs">
196 |       <DependentUpon>Global.asax</DependentUpon>
197 |     </Compile>
198 |     <Compile Include="Properties\AssemblyInfo.cs" />
199 |     <Compile Include="Startup.cs" />
200 |   </ItemGroup>
201 |   <ItemGroup>
202 |     <Content Include="css\bootstrap.min.css" />
203 |     <Content Include="css\demo.css" />
204 |     <Content Include="css\font.css" />
205 |     <Content Include="css\icon.css" />
206 |     <Content Include="css\material-bootstrap-wizard.css" />
207 |     <Content Include="Global.asax" />
208 |     <Content Include="img\favicon.ico" />
209 |     <Content Include="img\php_logo.png" />
210 |     <Content Include="js\bootstrap.min.js" />
211 |     <Content Include="js\jquery-2.2.4.min.js" />
212 |     <Content Include="js\jquery.bootstrap.js" />
213 |     <Content Include="js\jquery.validate.min.js" />
214 |     <Content Include="js\material-bootstrap-wizard.js" />
215 |     <Content Include="Views\Web.config" />
216 |     <Content Include="Views\Login\Index.cshtml" />
217 |     <Content Include="Views\Shared\_Layout.cshtml" />
218 |     <Content Include="Web.config" />
219 |     <None Include="Web.Debug.config">
220 |       <DependentUpon>Web.config</DependentUpon>
221 |     </None>
222 |     <None Include="Web.Release.config">
223 |       <DependentUpon>Web.config</DependentUpon>
224 |     </None>
225 |   </ItemGroup>
226 |   <ItemGroup>
227 |     <Folder Include="Models\" />
228 |   </ItemGroup>
229 |   <ItemGroup>
230 |     <Content Include="packages.config" />
231 |   </ItemGroup>
232 |   <PropertyGroup>
233 |     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">10.0</VisualStudioVersion>
234 |     <VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>
235 |   </PropertyGroup>
236 |   <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
237 |   <Import Project="$(VSToolsPath)\WebApplications\Microsoft.WebApplication.targets" Condition="'$(VSToolsPath)' != ''" />
238 |   <Import Project="$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v10.0\WebApplications\Microsoft.WebApplication.targets" Condition="false" />
239 |   <Target Name="MvcBuildViews" AfterTargets="AfterBuild" Condition="'$(MvcBuildViews)'=='true'">
240 |     <AspNetCompiler VirtualPath="temp" PhysicalPath="$(WebProjectOutputDir)" />
241 |   </Target>
242 |   <ProjectExtensions>
243 |     <VisualStudio>
244 |       <FlavorProperties GUID="{349c5851-65df-11da-9384-00065b846f21}">
245 |         <WebProjectProperties>
246 |           <UseIIS>True</UseIIS>
247 |           <AutoAssignPort>True</AutoAssignPort>
248 |           <DevelopmentServerPort>7439</DevelopmentServerPort>
249 |           <DevelopmentServerVPath>/</DevelopmentServerVPath>
250 |           <IISUrl>http://localhost:7439/</IISUrl>
251 |           <NTLMAuthentication>False</NTLMAuthentication>
252 |           <UseCustomServer>False</UseCustomServer>
253 |           <CustomServerUrl>
254 |           </CustomServerUrl>
255 |           <SaveServerSettingsInUserFile>False</SaveServerSettingsInUserFile>
256 |         </WebProjectProperties>
257 |       </FlavorProperties>
258 |     </VisualStudio>
259 |   </ProjectExtensions>
260 |   <Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
261 |     <PropertyGroup>
262 |       <ErrorText>这台计算机上缺少此项目引用的 NuGet 程序包。使用“NuGet 程序包还原”可下载这些程序包。有关更多信息，请参见 http://go.microsoft.com/fwlink/?LinkID=322105。缺少的文件是 {0}。</ErrorText>
263 |     </PropertyGroup>
264 |     <Error Condition="!Exists('..\packages\Microsoft.Net.Compilers.1.0.0\build\Microsoft.Net.Compilers.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.Net.Compilers.1.0.0\build\Microsoft.Net.Compilers.props'))" />
265 |     <Error Condition="!Exists('..\packages\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.1.0.0\build\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.1.0.0\build\Microsoft.CodeDom.Providers.DotNetCompilerPlatform.props'))" />
266 |   </Target>
267 |   <!-- To modify your build process, add your task inside one of the targets below and uncomment it.
268 |        Other similar extension points exist, see Microsoft.Common.targets.
269 |   <Target Name="BeforeBuild">
270 |   </Target>
271 |   <Target Name="AfterBuild">
272 |   </Target> -->
273 | </Project>


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/Global.asax:
--------------------------------------------------------------------------------
1 | <%@ Application Codebehind="Global.asax.cs" Inherits="Csharp_xxe.MvcApplication" Language="C#" %>
2 | 


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/Global.asax.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.Collections.Generic;
 3 | using System.Linq;
 4 | using System.Web;
 5 | using System.Web.Mvc;
 6 | using System.Web.Optimization;
 7 | using System.Web.Routing;
 8 | 
 9 | namespace Csharp_xxe
10 | {
11 |     public class MvcApplication : System.Web.HttpApplication
12 |     {
13 |         protected void Application_Start()
14 |         {
15 |             AreaRegistration.RegisterAllAreas();
16 |             RouteConfig.RegisterRoutes(RouteTable.Routes);
17 |         }
18 |     }
19 | }
20 | 


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/Startup.cs:
--------------------------------------------------------------------------------
 1 | using Microsoft.Owin;
 2 | using Owin;
 3 | 
 4 | [assembly: OwinStartupAttribute(typeof(Csharp_xxe.Startup))]
 5 | namespace Csharp_xxe
 6 | {
 7 |     public partial class Startup
 8 |     {
 9 |         public void Configuration(IAppBuilder app)
10 |         {
11 |             //ConfigureAuth(app);
12 |         }
13 |     }
14 | }
15 | 


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/Views/Login/Index.cshtml:
--------------------------------------------------------------------------------
  1 | <!doctype html>
  2 | <html lang="en">
  3 | <head>
  4 |     <meta charset="utf-8" />
  5 |     <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
  6 |     <link rel="shortcut icon" href="/img/favicon.png" type="image/x-icon">
  7 | 
  8 |     <title>XXE-Lab</title>
  9 | 
 10 |     <meta content='width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0' name='viewport' />
 11 |     <meta name="viewport" content="width=device-width" />
 12 | 
 13 |     <link rel="stylesheet" type="text/css" href="/css/font.css" />
 14 |     <link href="/css/bootstrap.min.css" rel="stylesheet" />
 15 |     <link href="/css/material-bootstrap-wizard.css" rel="stylesheet" />
 16 | </head>
 17 | 
 18 | <body>
 19 |     <div class="image-container set-full-height" style="background-color: #272822;">
 20 |         <!--   Creative Tim Branding   -->
 21 |         <!--   Big container   -->
 22 |         <div class="container" style="width: 970px;">
 23 |             <div class="row">
 24 |                 <div class="col-sm-8 col-sm-offset-2">
 25 |                     <!--      Wizard container        -->
 26 |                     <div class="wizard-container">
 27 |                         <div class="card wizard-card" data-color="green" id="wizardProfile">
 28 |                             <form>
 29 |                                 <div class="wizard-header">
 30 |                                     <h3 class="wizard-title">
 31 |                                         <a href="http://github.com/c0ny1/xxe-lab">XXE-Lab for C#</a>
 32 |                                     </h3>
 33 |                                     <img src="/img/Csharp_logo.png">
 34 |                                 </div>
 35 |                                 <div class="wizard-navigation">
 36 |                                     <ul>
 37 |                                         <li><a href="#about" data-toggle="tab">tips:</a></li>
 38 |                                         <li><a href="javascript:void(0)"><span style="color:red;" class="msg"></span></a></li>
 39 |                                         <li><a href="javascript:void(0)"></a></li>
 40 |                                     </ul>
 41 |                                 </div>
 42 | 
 43 |                                 <div class="tab-content">
 44 |                                     <div class="tab-pane" id="about">
 45 |                                         <div class="row">
 46 |                                             <div class="col-sm-6">
 47 |                                                 <div class="input-group" style="margin-left: 30%;">
 48 |                                                     <span class="input-group-addon">
 49 |                                                         <i class="iconfont icon-icon30" style="font-size:25px;"></i>
 50 |                                                     </span>
 51 |                                                     <div class="form-group label-floating">
 52 |                                                         <label class="control-label">UserName</label>
 53 |                                                         <input id="username" name="username" style="width: 200%;" type="text" class="form-control">
 54 |                                                     </div>
 55 |                                                 </div>
 56 |                                                 <div class="input-group" style="margin-left: 30%;">
 57 |                                                     <span class="input-group-addon">
 58 |                                                         <i class="iconfont icon-mima" style="font-size:25px;"></i>
 59 |                                                     </span>
 60 |                                                     <div class="form-group label-floating">
 61 |                                                         <label class="control-label">Password</label>
 62 |                                                         <input id="password" name="password" style="width: 200%;" type="password" class="form-control">
 63 |                                                     </div>
 64 |                                                 </div>
 65 |                                             </div>
 66 |                                         </div>
 67 |                                     </div>
 68 | 
 69 | 
 70 |                                 </div>
 71 |                                 <div class="wizard-footer">
 72 |                                     <div class="pull-right">
 73 |                                         <input type='button' class='btn btn-fill btn-success btn-wd' name='next' value='login' onclick="javascript:doLogin()" />
 74 |                                     </div>
 75 | 
 76 |                                     <div class="clearfix"></div>
 77 |                                 </div>
 78 |                             </form>
 79 |                         </div>
 80 |                     </div> <!-- wizard container -->
 81 |                 </div>
 82 |             </div><!-- end row -->
 83 |         </div> <!--  big container -->
 84 | 
 85 |         <div class="footer">
 86 |             <div class="container text-center">
 87 |                 Copyright By <a href="http://gv7.me">c0ny1</a>
 88 |             </div>
 89 |         </div>
 90 |     </div>
 91 | </body>
 92 | <!--   Core JS Files   -->
 93 | <script src="/js/jquery-2.2.4.min.js" type="text/javascript"></script>
 94 | <script src="/js/bootstrap.min.js" type="text/javascript"></script>
 95 | <script src="/js/jquery.bootstrap.js" type="text/javascript"></script>
 96 | 
 97 | <!--  Plugin for the Wizard -->
 98 | <script src="/js/material-bootstrap-wizard.js"></script>
 99 | 
100 | <script src="/js/jquery.validate.min.js"></script>
101 | <script type='text/javascript'>
102 | 
103 | function doLogin(){
104 | 	var username = $("#username").val();
105 | 	var password = $("#password").val();
106 | 	if(username == "" || password == ""){
107 | 		alert("Please enter the username and password!");
108 | 		return;
109 | 	}
110 | 
111 | 	var data = "<user><username>" + username + "</username><password>" + password + "</password></user>";
112 |     $.ajax({
113 |         type: "POST",
114 |         url: '@Url.Action("doLogin", "Login")',
115 |         contentType: "application/xml;charset=utf-8",
116 |         data: data,
117 |         dataType: "xml",
118 |         anysc: false,
119 |         success: function (result) {
120 |         	var code = result.getElementsByTagName("code")[0].childNodes[0].nodeValue;
121 |         	var msg = result.getElementsByTagName("msg")[0].childNodes[0].nodeValue;
122 |         	if(code == "0"){
123 |         		$(".msg").text(msg + " login fail!");
124 |         	}else if(code == "1"){
125 |         		$(".msg").text(msg + " login success!");
126 |         	}else{
127 |         		$(".msg").text("error:" + msg);
128 |         	}
129 |         },
130 |         error: function (XMLHttpRequest,textStatus,errorThrown) {
131 |             $(".msg").text(errorThrown + ':' + textStatus);
132 |         }
133 |     });
134 | }
135 | </script>
136 | </html>
137 | 


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/Views/Shared/_Layout.cshtml:
--------------------------------------------------------------------------------
1 | @RenderBody()


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/Views/Web.config:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0"?>
 2 | 
 3 | <configuration>
 4 |   <configSections>
 5 |     <sectionGroup name="system.web.webPages.razor" type="System.Web.WebPages.Razor.Configuration.RazorWebSectionGroup, System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
 6 |       <section name="host" type="System.Web.WebPages.Razor.Configuration.HostSection, System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" />
 7 |       <section name="pages" type="System.Web.WebPages.Razor.Configuration.RazorPagesSection, System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" />
 8 |     </sectionGroup>
 9 |   </configSections>
10 | 
11 |   <system.web.webPages.razor>
12 |     <host factoryType="System.Web.Mvc.MvcWebRazorHostFactory, System.Web.Mvc, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
13 |     <pages pageBaseType="System.Web.Mvc.WebViewPage">
14 |       <namespaces>
15 |         <add namespace="System.Web.Mvc" />
16 |         <add namespace="System.Web.Mvc.Ajax" />
17 |         <add namespace="System.Web.Mvc.Html" />
18 |         <add namespace="System.Web.Optimization"/>
19 |         <add namespace="System.Web.Routing" />
20 |         <add namespace="Csharp_xxe" />
21 |       </namespaces>
22 |     </pages>
23 |   </system.web.webPages.razor>
24 | 
25 |   <appSettings>
26 |     <add key="webpages:Enabled" value="false" />
27 |   </appSettings>
28 | 
29 |   <system.webServer>
30 |     <handlers>
31 |       <remove name="BlockViewHandler"/>
32 |       <add name="BlockViewHandler" path="*" verb="*" preCondition="integratedMode" type="System.Web.HttpNotFoundHandler" />
33 |     </handlers>
34 |   </system.webServer>
35 | 
36 |   <system.web>
37 |     <compilation>
38 |       <assemblies>
39 |         <add assembly="System.Web.Mvc, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
40 |       </assemblies>
41 |     </compilation>
42 |   </system.web>
43 | </configuration>
44 | 


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/Views/_ViewStart.cshtml:
--------------------------------------------------------------------------------
1 | @{
2 |     Layout = "~/Views/Shared/_Layout.cshtml";
3 | }
4 | 


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/Web.config:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <!--
 3 |   For more information on how to configure your ASP.NET application, please visit
 4 |   http://go.microsoft.com/fwlink/?LinkId=301880
 5 |   -->
 6 | <configuration>
 7 |   <configSections>
 8 |     <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
 9 |     <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
10 |   </configSections>
11 |   <connectionStrings>
12 |     <add name="DefaultConnection" connectionString="Data Source=(LocalDb)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\aspnet-Csharp_xxe-20180207114810.mdf;Initial Catalog=aspnet-Csharp_xxe-20180207114810;Integrated Security=True" providerName="System.Data.SqlClient" />
13 |   </connectionStrings>
14 |   <appSettings>
15 |     <add key="webpages:Version" value="3.0.0.0" />
16 |     <add key="webpages:Enabled" value="false" />
17 |     <add key="ClientValidationEnabled" value="true" />
18 |     <add key="UnobtrusiveJavaScriptEnabled" value="true" />
19 |   </appSettings>
20 |   <system.web>
21 |     <authentication mode="None" />
22 |     <compilation debug="true" targetFramework="4.5.2" />
23 |     <httpRuntime targetFramework="4.5.2" />
24 |     <httpModules>
25 |       <add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" />
26 |     </httpModules>
27 |   </system.web>
28 |   <system.webServer>
29 |     <modules>
30 |       <remove name="FormsAuthentication" />
31 |       <remove name="ApplicationInsightsWebTracking" />
32 |       <add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web" preCondition="managedHandler" />
33 |     </modules>
34 |     <validation validateIntegratedModeConfiguration="false" />
35 |   </system.webServer>
36 |   <runtime>
37 |     <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
38 |       <dependentAssembly>
39 |         <assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" />
40 |         <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
41 |       </dependentAssembly>
42 |       <dependentAssembly>
43 |         <assemblyIdentity name="Microsoft.Owin.Security.OAuth" publicKeyToken="31bf3856ad364e35" />
44 |         <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
45 |       </dependentAssembly>
46 |       <dependentAssembly>
47 |         <assemblyIdentity name="Microsoft.Owin.Security.Cookies" publicKeyToken="31bf3856ad364e35" />
48 |         <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
49 |       </dependentAssembly>
50 |       <dependentAssembly>
51 |         <assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" />
52 |         <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
53 |       </dependentAssembly>
54 |       <dependentAssembly>
55 |         <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
56 |         <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
57 |       </dependentAssembly>
58 |       <dependentAssembly>
59 |         <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
60 |         <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
61 |       </dependentAssembly>
62 |       <dependentAssembly>
63 |         <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
64 |         <bindingRedirect oldVersion="0.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
65 |       </dependentAssembly>
66 |       <dependentAssembly>
67 |         <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
68 |         <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
69 |       </dependentAssembly>
70 |       <dependentAssembly>
71 |         <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
72 |         <bindingRedirect oldVersion="1.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
73 |       </dependentAssembly>
74 |       <dependentAssembly>
75 |         <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
76 |         <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
77 |       </dependentAssembly>
78 |     </assemblyBinding>
79 |   </runtime>
80 |   <entityFramework>
81 |     <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
82 |       <parameters>
83 |         <parameter value="mssqllocaldb" />
84 |       </parameters>
85 |     </defaultConnectionFactory>
86 |     <providers>
87 |       <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
88 |     </providers>
89 |   </entityFramework>
90 |   <system.codedom>
91 |     <compilers>
92 |       <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.CSharpCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:6 /nowarn:1659;1699;1701" />
93 |       <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.CodeDom.Providers.DotNetCompilerPlatform.VBCodeProvider, Microsoft.CodeDom.Providers.DotNetCompilerPlatform, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" warningLevel="4" compilerOptions="/langversion:14 /nowarn:41008 /define:_MYTYPE=\&quot;Web\&quot; /optionInfer+" />
94 |     </compilers>
95 |   </system.codedom>
96 | </configuration>


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/css/demo.css:
--------------------------------------------------------------------------------
  1 | .logo-container{
  2 |     left: 50px;
  3 |     position: absolute;
  4 |     top: 20px;
  5 |     z-index: 3;
  6 | }
  7 | .logo-container .logo{
  8 |     overflow: hidden;
  9 |     border-radius: 50%;
 10 |     border: 1px solid #333333;
 11 |     width: 60px;
 12 |     float: left;
 13 | }
 14 | .logo-container .brand{
 15 |     font-size: 18px;
 16 |     color: #FFF;
 17 |     line-height: 20px;
 18 |     float: left;
 19 |     margin-left: 10px;
 20 |     margin-top: 10px;
 21 |     width: 60px
 22 | }
 23 | 
 24 | body{
 25 |     background-color: #CCCCCC;
 26 | }
 27 | 
 28 | .section .wizard-card{
 29 |     min-height: inherit;
 30 | }
 31 | 
 32 | .tim-row{
 33 |     margin-bottom: 20px;
 34 | }
 35 | 
 36 | .tim-white-buttons {
 37 |     background-color: #777777;
 38 | }
 39 | .title{
 40 |     margin-top: 30px;
 41 |     margin-bottom: 25px;
 42 |     min-height: 32px;
 43 |     font-weight: 500;
 44 | }
 45 | 
 46 | 
 47 | 
 48 | .title.text-center{
 49 |     margin-bottom: 50px;
 50 | }
 51 | .tim-typo{
 52 |     padding-left: 25%;
 53 |     margin-bottom: 40px;
 54 |     position: relative;
 55 | }
 56 | .tim-typo .tim-note{
 57 |     bottom: 10px;
 58 |     color: #c0c1c2;
 59 |     display: block;
 60 |     font-weight: 400;
 61 |     font-size: 13px;
 62 |     line-height: 13px;
 63 |     left: 0;
 64 |     margin-left: 20px;
 65 |     position: absolute;
 66 |     width: 260px;
 67 | }
 68 | .tim-row{
 69 |     padding-top: 50px;
 70 | }
 71 | .tim-row h3{
 72 |     margin-top: 0;
 73 | }
 74 | .switch{
 75 |     margin-right: 20px;
 76 | }
 77 | .copyrights{
 78 | 	text-indent:-9999px;
 79 | 	height:0;
 80 | 	line-height:0;
 81 | 	font-size:0;
 82 | 	overflow:hidden;
 83 | }
 84 | #navbar-full .navbar{
 85 |     border-radius: 0 !important;
 86 |     margin-bottom: 15px;
 87 |     z-index: 2;
 88 | }
 89 | .space{
 90 |     height: 130px;
 91 |     display: block;
 92 | }
 93 | .space-110{
 94 |     height: 110px;
 95 |     display: block;
 96 | }
 97 | .space-50{
 98 |     height: 50px;
 99 |     display: block;
100 | }
101 | .space-70{
102 |     height: 70px;
103 |     display: block;
104 | }
105 | .navigation-example .img-src{
106 |     background-attachment: scroll;
107 | }
108 | 
109 | .navigation-example{
110 |     background-image: url('../img/bg.jpg');
111 |     background-position: center center;
112 |     background-size: cover;
113 |     margin-top:0;
114 |     min-height: 740px;
115 | }
116 | #notifications{
117 |     background-color: #FFFFFF;
118 |     display: block;
119 |     width: 100%;
120 |     position: relative;
121 | }
122 | #notifications .alert-danger{
123 |     margin-bottom: 0px;
124 | }
125 | .tim-note{
126 |     text-transform: capitalize;
127 | }
128 | 
129 | #buttons .btn{
130 |     margin: 0 0px 15px;
131 | }
132 | .space-100{
133 |     height: 100px;
134 |     display: block;
135 |     width: 100%;
136 | }
137 | 
138 | .be-social{
139 |     padding-bottom: 20px;
140 | /*     border-bottom: 1px solid #aaa; */
141 |     margin: 0 auto 40px;
142 | }
143 | .txt-white{
144 |     color: #FFFFFF;
145 | }
146 | .txt-gray{
147 |     color: #ddd !important;
148 | }
149 | 
150 | 
151 | .parallax{
152 |   width:100%;
153 |   height:570px;
154 | 
155 |   display: block;
156 |   background-attachment: fixed;
157 |     background-repeat:no-repeat;
158 |     background-size:cover;
159 |     background-position: center center;
160 | 
161 | }
162 | 
163 | .logo-container.logo-documentation{
164 |     position: relative;
165 |     top: 0;
166 |     left: 0;
167 | }
168 | 
169 | .logo-container .logo{
170 |     overflow: hidden;
171 |     border-radius: 50%;
172 |     border: 1px solid #333333;
173 |     width: 50px;
174 |     float: left;
175 | }
176 | 
177 | .logo-container .brand{
178 |     font-size: 16px;
179 |     line-height: 18px;
180 |     float: left;
181 |     margin-left: 10px;
182 |     margin-top: 7px;
183 |     width: 70px;
184 |     height: 40px;
185 |     text-align: left;
186 | }
187 | 
188 | 
189 | .navbar-default .logo-container .brand{
190 |     color: #999999;
191 | }
192 | .navbar-transparent .logo-container .brand{
193 |     color: #FFFFFF;
194 | }
195 | 
196 | .logo-container .brand-material{
197 |     font-size: 18px;
198 |     margin-top: 15px;
199 |     height: 25px;
200 |     width: auto;
201 | }
202 | 
203 | .logo-container .logo img{
204 |     width: 100%;
205 | }
206 | .navbar-small .logo-container .brand{
207 |     color: #333333;
208 | }
209 | 
210 | .fixed-section{
211 |     top: 90px;
212 |     max-height: 80vh;
213 |     overflow: scroll;
214 | }
215 | .fixed-section ul li{
216 |     list-style: none;
217 | }
218 | .fixed-section li a{
219 |     font-size: 14px;
220 |     padding: 2px;
221 |     display: block;
222 |     color: #666666;
223 | }
224 | .fixed-section li a.active{
225 |     color: #00bbff;
226 | }
227 | .fixed-section.float{
228 |     position: fixed;
229 |     top: 100px;
230 |     width: 200px;
231 |     margin-top: 0;
232 | }
233 | 
234 | 
235 | .parallax .parallax-image{
236 |     width: 100%;
237 |     overflow: hidden;
238 |     position: absolute;
239 | }
240 | .parallax .parallax-image img{
241 |     width: 100%;
242 | }
243 | 
244 | @media (max-width: 768px){
245 |     .parallax .parallax-image{
246 |          width: 100%;
247 |          height: 640px;
248 |          overflow: hidden;
249 |      }
250 |     .parallax .parallax-image img{
251 |        height: 100%;
252 |        width: auto;
253 |    }
254 | }
255 | 
256 | .separator{
257 |     content: "Separator";
258 |     color: #FFFFFF;
259 |     display: block;
260 |     width: 100%;
261 |     padding: 20px;
262 | }
263 | .separator-line{
264 |     background-color: #EEE;
265 |     height: 1px;
266 |     width: 100%;
267 |     display: block;
268 | }
269 | .separator.separator-gray{
270 |     background-color: #EEEEEE;
271 | }
272 | .social-buttons-demo .btn{
273 |     margin-right: 5px;
274 |     margin-bottom: 7px;
275 | }
276 | 
277 | .img-container{
278 |     width: 100%;
279 |     overflow: hidden;
280 | }
281 | .img-container img{
282 |     width: 100%;
283 | }
284 | 
285 | .lightbox img{
286 |     width: 100%;
287 | }
288 | .lightbox .modal-content{
289 |     overflow: hidden;
290 | }
291 | .lightbox .modal-body{
292 |     padding: 0;
293 | }
294 | @media screen and (min-width: 991px){
295 |     .lightbox .modal-dialog{
296 |         width: 960px;
297 |     }
298 | }
299 | 
300 | @media (max-width: 768px){
301 |     .btn, .btn-morphing{
302 |         margin-bottom: 10px;
303 |     }
304 |     .parallax .motto{
305 |         top: 170px;
306 |         margin-top: 0;
307 |         font-size: 60px;
308 |         width: 270px;
309 |     }
310 | }
311 | 
312 | /*       Loading dots  */
313 | 
314 | /*      transitions */
315 | .presentation .front, .presentation .front:after, .presentation .front .btn, .logo-container .logo, .logo-container .brand{
316 |      -webkit-transition: all .2s;
317 |     -moz-transition: all .2s;
318 |     -o-transition: all .2s;
319 |     transition: all .2s;
320 | }
321 | 
322 | 
323 | #images h4{
324 |     margin-bottom: 30px;
325 | }
326 | #javascriptComponents{
327 |     padding-bottom: 0;
328 | }
329 | #javascriptComponents .btn-raised{
330 |     margin: 10px 5px;
331 | }
332 | 
333 | 
334 | /*      layer animation          */
335 | 
336 | .layers-container{
337 |     display: block;
338 |     margin-top: 50px;
339 |     position: relative;
340 | }
341 | .layers-container img {
342 |   position: absolute;
343 |   width: 100%;
344 |   height: auto;
345 |   top: 0;
346 |   left: 0;
347 |   text-align: center;
348 | }
349 | 
350 | .section-black {
351 |   background-color: #333;
352 | }
353 | 
354 | .animate {
355 |   transition: 1.5s ease-in-out;
356 |   -moz-transition: 1.5s ease-in-out;
357 |   -webkit-transition: 1.5s ease-in-out;
358 | }
359 | 
360 | .navbar-default.navbar-small .logo-container .brand{
361 |     color: #333333;
362 | }
363 | .navbar-transparent.navbar-small .logo-container .brand{
364 |     color: #FFFFFF;
365 | }
366 | .navbar-default.navbar-small .logo-container .brand{
367 |     color: #333333;
368 | }
369 | 
370 | .sharing-area{
371 |     margin-top: 80px;
372 | }
373 | .sharing-area .btn{
374 |     margin: 15px 4px 0;
375 |     color: #FFFFFF;
376 | }
377 | .sharing-area .btn i{
378 |     font-size: 18px;
379 |     position: relative;
380 |     top: 2px;
381 |     margin-right: 5px;
382 | }
383 | .sharing-area .btn-twitter{
384 |     background-color: #55acee;
385 | }
386 | .sharing-area .btn-facebook{
387 |     background-color: #3b5998;
388 | }
389 | .sharing-area .btn-google-plus{
390 |     background-color: #dd4b39;
391 | }
392 | .sharing-area .btn-github{
393 |     background-color: #333333;
394 | }
395 | .section-thin,
396 | .section-notifications{
397 |     padding: 0;
398 | }
399 | .section-navbars{
400 |     padding-top: 0;
401 | }
402 | #navbar .navbar{
403 |     border-radius: 0;
404 | }
405 | .section-tabs{
406 |     background: #EEEEEE;
407 | }
408 | .section-pagination{
409 |     padding-bottom: 0;
410 | }
411 | .section-download h4{
412 |     margin-bottom: 50px;
413 | }
414 | .section-examples a{
415 |     text-decoration: none;
416 | }
417 | .section-examples h5{
418 |     margin-top: 30px;
419 | }
420 | .components-page .wrapper > .header,
421 | .tutorial-page .wrapper > .header{
422 |     height: 400px;
423 |     padding-top: 100px;
424 |     background-size: cover;
425 |     background-position: center center;
426 | }
427 | .components-page .title,
428 | .tutorial-page .title{
429 |     color: #FFFFFF;
430 | }
431 | 
432 | .main {
433 |   background: #FFFFFF;
434 |   position: relative;
435 |   z-index: 3;
436 | }
437 | 
438 | .main-raised {
439 |     margin: -60px 30px 0px;
440 |     border-radius: 6px;
441 |     box-shadow: 0 16px 24px 2px rgba(0, 0, 0, 0.14), 0 6px 30px 5px rgba(0, 0, 0, 0.12), 0 8px 10px -5px rgba(0, 0, 0, 0.2);
442 | }
443 | 
444 | .header-filter {
445 |   position: relative;
446 | }
447 | .header-filter:before, .header-filter:after {
448 |   position: absolute;
449 |   z-index: 1;
450 |   width: 100%;
451 |   height: 100%;
452 |   display: block;
453 |   left: 0;
454 |   top: 0;
455 |   content: "";
456 | }
457 | .header-filter::before {
458 |   background-color: rgba(0, 0, 0, 0.4);
459 | }
460 | .header-filter .container {
461 |   z-index: 2;
462 |   position: relative;
463 | }
464 | 
465 | .section {
466 |   padding: 70px 0;
467 |   background-position: center center;
468 |   background-size: cover;
469 | }
470 | 
471 | 
472 | 
473 | .navbar {
474 |   border: 0;
475 |   border-radius: 3px;
476 |   box-shadow: 0 10px 20px -12px rgba(0, 0, 0, 0.42), 0 3px 20px 0px rgba(0, 0, 0, 0.12), 0 8px 10px -5px rgba(0, 0, 0, 0.2);
477 |   padding: 10px 0;
478 | 
479 |   -webkit-transition: all 150ms ease 0s;
480 |  -moz-transition: all 150ms ease 0s;
481 |  -o-transition: all 150ms ease 0s;
482 |  -ms-transition: all 150ms ease 0s;
483 |  transition: all 150ms ease 0s;
484 | }
485 | .navbar .navbar-brand {
486 |   position: relative;
487 |   height: 50px;
488 |   line-height: 30px;
489 |   color: inherit;
490 |   padding: 10px 15px;
491 | }
492 | .navbar .navbar-brand:hover, .navbar .navbar-brand:focus {
493 |   color: inherit;
494 |   background-color: transparent;
495 | }
496 | 
497 | .navbar.navbar-transparent {
498 |   background-color: transparent;
499 |   box-shadow: none;
500 |   color: #fff;
501 |   padding-top: 25px;
502 | }
503 | 
504 | .navbar-fixed-top {
505 |   border-radius: 0;
506 | }
507 | 
508 | .navbar .navbar-nav > li > a .material-icons,
509 | .navbar .navbar-nav > li > a .fa {
510 |   font-size: 20px;
511 |   max-width: 20px;
512 | }
513 | .navbar .navbar-nav > li > a:hover,
514 | .navbar .navbar-nav > li > a:focus {
515 |     color: inherit;
516 |     background-color: transparent;
517 | }
518 | 
519 | .navbar .navbar-nav > li > a:not(.btn) .material-icons {
520 |   margin-top: -3px;
521 |   top: 0px;
522 |   position: relative;
523 |   margin-right: 3px;
524 | }
525 | 
526 | .navbar, .navbar.navbar-default {
527 |   background-color: #9c27b0;
528 |   color: #FFFFFF;
529 | }
530 | 
531 | .navbar .navbar-nav > li > a {
532 |   color: inherit;
533 |   padding-top: 15px;
534 |   padding-bottom: 15px;
535 |   font-weight: 400;
536 |   font-size: 12px;
537 |   text-transform: uppercase;
538 |   border-radius: 3px;
539 | }
540 | @media (max-width: 1199px) {
541 | 
542 |   .navbar .navbar-brand {
543 |     height: 50px;
544 |     padding: 10px 15px;
545 |   }
546 |   .navbar .navbar-nav > li > a {
547 |     padding-top: 15px;
548 |     padding-bottom: 15px;
549 |   }
550 | }
551 | 
552 | footer {
553 |   padding: 15px 0;
554 |   text-align: center;
555 | 
556 | }
557 | .footer a{
558 |     font-weight: bold;
559 | }
560 | 
561 | footer.footer-documentation{
562 |     margin-top: 0;
563 |     bottom: 0;
564 |     text-shadow: none;
565 |     color: inherit;
566 | }
567 | 
568 | footer.footer-documentation li a{
569 |     color: inherit;
570 | }
571 | 
572 | footer.footer-documentation li a:hover,
573 | footer.footer-documentation li a:focus{
574 |     color: #89229b;
575 | }
576 | 
577 | footer ul {
578 |   margin-bottom: 0;
579 |   padding: 0;
580 |   list-style: none;
581 | }
582 | footer ul li {
583 |   display: inline-block;
584 | }
585 | footer ul li a {
586 |   color: inherit;
587 |   padding: 15px;
588 |   font-weight: 500;
589 |   font-size: 12px;
590 |   text-transform: uppercase;
591 |   border-radius: 3px;
592 |   text-decoration: none;
593 |   position: relative;
594 |   display: block;
595 | }
596 | footer ul li a:hover {
597 |   text-decoration: none;
598 | }
599 | footer ul li .btn {
600 |   margin: 0;
601 | }
602 | footer ul.links-horizontal:first-child a {
603 |   padding-left: 0;
604 | }
605 | footer ul.links-horizontal:last-child a {
606 |   padding-right: 0;
607 | }
608 | footer ul.links-vertical li {
609 |   display: block;
610 | }
611 | footer ul.links-vertical li a {
612 |   padding: 5px 0;
613 | }
614 | footer .social-buttons a,
615 | footer .social-buttons .btn {
616 |   margin-top: 5px;
617 |   margin-bottom: 5px;
618 | }
619 | footer .footer-brand {
620 |   float: left;
621 |   height: 50px;
622 |   padding: 15px 15px;
623 |   font-size: 18px;
624 |   line-height: 20px;
625 |   margin-left: -15px;
626 | }
627 | footer .footer-brand:hover, footer .footer-brand:focus {
628 |   color: #3C4858;
629 | }
630 | footer .copyright {
631 |   padding: 15px 0;
632 |   text-align: center;
633 | }
634 | footer .copyright .material-icons {
635 |   font-size: 18px;
636 |   position: relative;
637 |   top: 3px;
638 | }
639 | footer .pull-center {
640 |   display: inline-block;
641 |   float: none;
642 | }
643 | 
644 | @media (max-width: 768px) {
645 |   .footer .copyright {
646 |     display: inline-block;
647 |     text-align: center;
648 |     padding: 10px 0;
649 |     float: none !important;
650 |     width: 100%;
651 |   }
652 | 
653 |   .navbar.navbar-transparent {
654 |     background-color: rgba(0, 0, 0, 0.4);
655 |     padding-top: 10px;
656 |     border-radius: 0;
657 |   }
658 | 
659 |   .main-raised {
660 |     margin-left: 10px;
661 |     margin-right: 10px;
662 |   }
663 | }
664 | 


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/css/font.css:
--------------------------------------------------------------------------------
 1 | 
 2 | @font-face {font-family: "iconfont";
 3 |   src: url('//at.alicdn.com/t/font_566036_189jqg1gbohfflxr.eot?t=1517926461910'); /* IE9*/
 4 |   src: url('//at.alicdn.com/t/font_566036_189jqg1gbohfflxr.eot?t=1517926461910#iefix') format('embedded-opentype'), /* IE6-IE8 */
 5 |   url('data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAAXUAAsAAAAACFwAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABHU1VCAAABCAAAADMAAABCsP6z7U9TLzIAAAE8AAAARAAAAFZW7kggY21hcAAAAYAAAABlAAABnM8LapNnbHlmAAAB6AAAAe8AAAIkfsWBm2hlYWQAAAPYAAAALwAAADYQXvaJaGhlYQAABAgAAAAcAAAAJAfeA4VobXR4AAAEJAAAABAAAAAQD+kAAGxvY2EAAAQ0AAAACgAAAAoBiADEbWF4cAAABEAAAAAfAAAAIAETAF1uYW1lAAAEYAAAAUUAAAJtPlT+fXBvc3QAAAWoAAAAKgAAADtO+ggHeJxjYGRgYOBikGPQYWB0cfMJYeBgYGGAAJAMY05meiJQDMoDyrGAaQ4gZoOIAgCKIwNPAHicY2Bk/sU4gYGVgYOpk+kMAwNDP4RmfM1gxMjBwMDEwMrMgBUEpLmmMDgwVDwzYW7438AQw9zA0AAUZgTJAQAn3gyieJzFkMENwCAMA51CK1R1Ct59og7UV0dg4qxBncCHCTC6kFiWggCwAwjkJhGQDwLTS1fcDzjdj3g4J56Nd9WspbWpM4knknfBknJgmWTd6lmX1zIm++864BM1d8zX0sH2A991EMsAAAB4nDXQT2sTQRgG8Hlmsn8Sk93uTjabbLpJNrG70bVR003ipiS9eLFYiJQexFNP4kERPBRUNCCCiAdzFwQb8OjRS5UI+hlM0IOin8FbVycUZ15434H38HuGSIT8/cmOWJFw0iQXyWUyIgRyiLpGXXhB1KIhLE+y7LzGgkbgKY16iw1g1+V8od2NfFtWZB0aKtjw2t2gRQN0oiHdRLvgAqWys2uurZrsJTLFoPI02aZvYFUbq/pwPblybivfrnH1IGuaJdN8ocqSpFKa0jXctgtpKZ2Rk6mkO9ZR9QytIlsKnKvXc7Wyuf8suuOu2WlgPAYv17S3W4ZjiHroFLhZUlZyatHJNU7ncfD7VJFnXf8XESclsh6zxzQhKjGIS9ZF0rxc96NuuyD9H5gGpQJ7iF4LrIWg07OD5a2KjHjCXS4Kg5P+aTqXpPn0cJFKLQ4nM7Z7/+xn67v/GqkZ+s0oGkVR86ThldiYLvfE9vEFNptknm/feHRrf3RXn8yEjQrbB3aT7QnXeeHy/G6vAsXu0kCm9oZAGULlCZYhXNZSO4DgDcU/ixdDci+1Mn5QVfYym++/1GQ17AP9EPMwBuI/AqubgB8HJhaXfhjpjxo4KHeTrx3EYfIujCmNQ1wL4+Tbjsa5tpOucNf3XV75B4awZxYAeJxjYGRgYABipxW+C+P5bb4ycLMwgMC1+TdtEfT/vSwMzKFALgcDE0gUADKhCsEAeJxjYGRgYG7438AQw8IAAkCSkQEVsAAARwoCbQQAAAAD6QAABAAAAAQAAAAAAAAAAHYAxAESAAB4nGNgZGBgYGEIZGBlAAEmIOYCQgaG/2A+AwAREgFxAHicZY9NTsMwEIVf+gekEqqoYIfkBWIBKP0Rq25YVGr3XXTfpk6bKokjx63UA3AejsAJOALcgDvwSCebNpbH37x5Y08A3OAHHo7fLfeRPVwyO3INF7gXrlN/EG6QX4SbaONVuEX9TdjHM6bCbXRheYPXuGL2hHdhDx18CNdwjU/hOvUv4Qb5W7iJO/wKt9Dx6sI+5l5XuI1HL/bHVi+cXqnlQcWhySKTOb+CmV7vkoWt0uqca1vEJlODoF9JU51pW91T7NdD5yIVWZOqCas6SYzKrdnq0AUb5/JRrxeJHoQm5Vhj/rbGAo5xBYUlDowxQhhkiMro6DtVZvSvsUPCXntWPc3ndFsU1P9zhQEC9M9cU7qy0nk6T4E9XxtSdXQrbsuelDSRXs1JErJCXta2VELqATZlV44RelzRiT8oZ0j/AAlabsgAAAB4nGNgYoAALgbsgIWRiZGZkYWRlYGxgi0zOT/P2IAlNzM3kYEBACnOBFYAAA==') format('woff'),
 6 |   url('//at.alicdn.com/t/font_566036_189jqg1gbohfflxr.ttf?t=1517926461910') format('truetype'), /* chrome, firefox, opera, Safari, Android, iOS 4.2+*/
 7 |   url('//at.alicdn.com/t/font_566036_189jqg1gbohfflxr.svg?t=1517926461910#iconfont') format('svg'); /* iOS 4.1- */
 8 | }
 9 | 
10 | .iconfont {
11 |   font-family:"iconfont" !important;
12 |   font-size:16px;
13 |   font-style:normal;
14 |   -webkit-font-smoothing: antialiased;
15 |   -moz-osx-font-smoothing: grayscale;
16 | }
17 | 
18 | .icon-icon30:before { content: "\e634"; }
19 | 
20 | .icon-mima:before { content: "\e622"; }
21 | 
22 | 


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/css/icon.css:
--------------------------------------------------------------------------------
 1 | @font-face {
 2 |   font-family: 'Material Icons';
 3 |   font-style: normal;
 4 |   font-weight: 400;
 5 |   src: url(https://fonts.gstatic.com/s/materialicons/v36/2fcrYFNaTjcS6g4U3t-Y5SQZRqoBW5Q4K_a7BOZJO20.eot);
 6 | }
 7 | @font-face {
 8 |   font-family: 'Roboto';
 9 |   font-style: normal;
10 |   font-weight: 400;
11 |   src: url(https://fonts.gstatic.com/s/roboto/v18/5YB-ifwqHP20Yn46l_BDhA.eot);
12 | }
13 | @font-face {
14 |   font-family: 'Roboto Slab';
15 |   font-style: normal;
16 |   font-weight: 400;
17 |   src: url(https://fonts.gstatic.com/s/robotoslab/v7/y7lebkjgREBJK96VQi37ZmfQcKutQXcIrRfyR5jdjY8.eot);
18 | }
19 | 
20 | .material-icons {
21 |   font-family: 'Material Icons';
22 |   font-weight: normal;
23 |   font-style: normal;
24 |   font-size: 24px;
25 |   line-height: 1;
26 |   letter-spacing: normal;
27 |   text-transform: none;
28 |   display: inline-block;
29 |   white-space: nowrap;
30 |   word-wrap: normal;
31 |   direction: ltr;
32 | }
33 | 


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/img/Csharp_logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/xxe-lab/49e7f8e73092a32404dea0a2bd4bd099662a12bd/Csharp_xxe/Csharp_xxe/img/Csharp_logo.png


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/img/favicon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/xxe-lab/49e7f8e73092a32404dea0a2bd4bd099662a12bd/Csharp_xxe/Csharp_xxe/img/favicon.png


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/js/material-bootstrap-wizard.js:
--------------------------------------------------------------------------------
  1 | /*!
  2 | 
  3 |  =========================================================
  4 |  * Material Bootstrap Wizard - v1.0.2
  5 |  =========================================================
  6 |  
  7 |  * Product Page: https://www.creative-tim.com/product/material-bootstrap-wizard
  8 |  * Copyright 2017 Creative Tim (#)
  9 |  * Licensed under MIT (https://github.com/creativetimofficial/material-bootstrap-wizard/blob/master/LICENSE.md)
 10 |  
 11 |  =========================================================
 12 |  
 13 |  * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 14 |  */
 15 | 
 16 | // Material Bootstrap Wizard Functions
 17 | 
 18 | var searchVisible = 0;
 19 | var transparent = true;
 20 | var mobile_device = false;
 21 | 
 22 | $(document).ready(function(){
 23 | 
 24 |     $.material.init();
 25 | 
 26 |     /*  Activate the tooltips      */
 27 |     $('[rel="tooltip"]').tooltip();
 28 | 
 29 |     // Code for the Validator
 30 |     var $validator = $('.wizard-card form').validate({
 31 | 		  rules: {
 32 | 		    firstname: {
 33 | 		      required: true,
 34 | 		      minlength: 3
 35 | 		    },
 36 | 		    lastname: {
 37 | 		      required: true,
 38 | 		      minlength: 3
 39 | 		    },
 40 | 		    email: {
 41 | 		      required: true,
 42 | 		      minlength: 3,
 43 | 		    }
 44 |         },
 45 | 
 46 |         errorPlacement: function(error, element) {
 47 |             $(element).parent('div').addClass('has-error');
 48 |          }
 49 | 	});
 50 | 
 51 |     // Wizard Initialization
 52 |   	$('.wizard-card').bootstrapWizard({
 53 |         'tabClass': 'nav nav-pills',
 54 |         'nextSelector': '.btn-next',
 55 |         'previousSelector': '.btn-previous',
 56 | 
 57 |         onNext: function(tab, navigation, index) {
 58 |         	var $valid = $('.wizard-card form').valid();
 59 |         	if(!$valid) {
 60 |         		$validator.focusInvalid();
 61 |         		return false;
 62 |         	}
 63 |         },
 64 | 
 65 |         onInit : function(tab, navigation, index){
 66 |             //check number of tabs and fill the entire row
 67 |             var $total = navigation.find('li').length;
 68 |             var $wizard = navigation.closest('.wizard-card');
 69 | 
 70 |             $first_li = navigation.find('li:first-child a').html();
 71 |             $moving_div = $('<div class="moving-tab">' + $first_li + '</div>');
 72 |             $('.wizard-card .wizard-navigation').append($moving_div);
 73 | 
 74 |             refreshAnimation($wizard, index);
 75 | 
 76 |             $('.moving-tab').css('transition','transform 0s');
 77 |        },
 78 | 
 79 |         onTabClick : function(tab, navigation, index){
 80 |             var $valid = $('.wizard-card form').valid();
 81 | 
 82 |             if(!$valid){
 83 |                 return false;
 84 |             } else{
 85 |                 return true;
 86 |             }
 87 |         },
 88 | 
 89 |         onTabShow: function(tab, navigation, index) {
 90 |             var $total = navigation.find('li').length;
 91 |             var $current = index+1;
 92 | 
 93 |             var $wizard = navigation.closest('.wizard-card');
 94 | 
 95 |             // If it's the last tab then hide the last button and show the finish instead
 96 |             if($current >= $total) {
 97 |                 $($wizard).find('.btn-next').hide();
 98 |                 $($wizard).find('.btn-finish').show();
 99 |             } else {
100 |                 $($wizard).find('.btn-next').show();
101 |                 $($wizard).find('.btn-finish').hide();
102 |             }
103 | 
104 |             button_text = navigation.find('li:nth-child(' + $current + ') a').html();
105 | 
106 |             setTimeout(function(){
107 |                 $('.moving-tab').text(button_text);
108 |             }, 150);
109 | 
110 |             var checkbox = $('.footer-checkbox');
111 | 
112 |             if( !index == 0 ){
113 |                 $(checkbox).css({
114 |                     'opacity':'0',
115 |                     'visibility':'hidden',
116 |                     'position':'absolute'
117 |                 });
118 |             } else {
119 |                 $(checkbox).css({
120 |                     'opacity':'1',
121 |                     'visibility':'visible'
122 |                 });
123 |             }
124 | 
125 |             refreshAnimation($wizard, index);
126 |         }
127 |   	});
128 | 
129 | 
130 |     // Prepare the preview for profile picture
131 |     $("#wizard-picture").change(function(){
132 |         readURL(this);
133 |     });
134 | 
135 |     $('[data-toggle="wizard-radio"]').click(function(){
136 |         wizard = $(this).closest('.wizard-card');
137 |         wizard.find('[data-toggle="wizard-radio"]').removeClass('active');
138 |         $(this).addClass('active');
139 |         $(wizard).find('[type="radio"]').removeAttr('checked');
140 |         $(this).find('[type="radio"]').attr('checked','true');
141 |     });
142 | 
143 |     $('[data-toggle="wizard-checkbox"]').click(function(){
144 |         if( $(this).hasClass('active')){
145 |             $(this).removeClass('active');
146 |             $(this).find('[type="checkbox"]').removeAttr('checked');
147 |         } else {
148 |             $(this).addClass('active');
149 |             $(this).find('[type="checkbox"]').attr('checked','true');
150 |         }
151 |     });
152 | 
153 |     $('.set-full-height').css('height', 'auto');
154 | 
155 | });
156 | 
157 | 
158 | 
159 |  //Function to show image before upload
160 | 
161 | function readURL(input) {
162 |     if (input.files && input.files[0]) {
163 |         var reader = new FileReader();
164 | 
165 |         reader.onload = function (e) {
166 |             $('#wizardPicturePreview').attr('src', e.target.result).fadeIn('slow');
167 |         }
168 |         reader.readAsDataURL(input.files[0]);
169 |     }
170 | }
171 | 
172 | $(window).resize(function(){
173 |     $('.wizard-card').each(function(){
174 |         $wizard = $(this);
175 | 
176 |         index = $wizard.bootstrapWizard('currentIndex');
177 |         refreshAnimation($wizard, index);
178 | 
179 |         $('.moving-tab').css({
180 |             'transition': 'transform 0s'
181 |         });
182 |     });
183 | });
184 | 
185 | function refreshAnimation($wizard, index){
186 |     $total = $wizard.find('.nav li').length;
187 |     $li_width = 100/$total;
188 | 
189 |     total_steps = $wizard.find('.nav li').length;
190 |     move_distance = $wizard.width() / total_steps;
191 |     index_temp = index;
192 |     vertical_level = 0;
193 | 
194 |     mobile_device = $(document).width() < 600 && $total > 3;
195 | 
196 |     if(mobile_device){
197 |         move_distance = $wizard.width() / 2;
198 |         index_temp = index % 2;
199 |         $li_width = 50;
200 |     }
201 | 
202 |     $wizard.find('.nav li').css('width',$li_width + '%');
203 | 
204 |     step_width = move_distance;
205 |     move_distance = move_distance * index_temp;
206 | 
207 |     $current = index + 1;
208 | 
209 |     if($current == 1 || (mobile_device == true && (index % 2 == 0) )){
210 |         move_distance -= 8;
211 |     } else if($current == total_steps || (mobile_device == true && (index % 2 == 1))){
212 |         move_distance += 8;
213 |     }
214 | 
215 |     if(mobile_device){
216 |         vertical_level = parseInt(index / 2);
217 |         vertical_level = vertical_level * 38;
218 |     }
219 | 
220 |     $wizard.find('.moving-tab').css('width', step_width);
221 |     $('.moving-tab').css({
222 |         'transform':'translate3d(' + move_distance + 'px, ' + vertical_level +  'px, 0)',
223 |         'transition': 'all 0.5s cubic-bezier(0.29, 1.42, 0.79, 1)'
224 | 
225 |     });
226 | }
227 | 
228 | materialDesign = {
229 | 
230 |     checkScrollForTransparentNavbar: debounce(function() {
231 |                 if($(document).scrollTop() > 260 ) {
232 |                     if(transparent) {
233 |                         transparent = false;
234 |                         $('.navbar-color-on-scroll').removeClass('navbar-transparent');
235 |                     }
236 |                 } else {
237 |                     if( !transparent ) {
238 |                         transparent = true;
239 |                         $('.navbar-color-on-scroll').addClass('navbar-transparent');
240 |                     }
241 |                 }
242 |         }, 17)
243 | 
244 | }
245 | 
246 | function debounce(func, wait, immediate) {
247 | 	var timeout;
248 | 	return function() {
249 | 		var context = this, args = arguments;
250 | 		clearTimeout(timeout);
251 | 		timeout = setTimeout(function() {
252 | 			timeout = null;
253 | 			if (!immediate) func.apply(context, args);
254 | 		}, wait);
255 | 		if (immediate && !timeout) func.apply(context, args);
256 | 	};
257 | };
258 | 


--------------------------------------------------------------------------------
/Csharp_xxe/Csharp_xxe/packages.config:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <packages>
 3 |   <package id="Antlr" version="3.4.1.9004" targetFramework="net452" />
 4 |   <package id="bootstrap" version="3.0.0" targetFramework="net452" />
 5 |   <package id="EntityFramework" version="6.1.3" targetFramework="net452" />
 6 |   <package id="EntityFramework.zh-Hans" version="6.1.3" targetFramework="net452" />
 7 |   <package id="jQuery" version="1.10.2" targetFramework="net452" />
 8 |   <package id="jQuery.Validation" version="1.11.1" targetFramework="net452" />
 9 |   <package id="Microsoft.ApplicationInsights" version="2.0.0" targetFramework="net452" />
10 |   <package id="Microsoft.ApplicationInsights.Agent.Intercept" version="1.2.1" targetFramework="net452" />
11 |   <package id="Microsoft.ApplicationInsights.DependencyCollector" version="2.0.0" targetFramework="net452" />
12 |   <package id="Microsoft.ApplicationInsights.JavaScript" version="0.22.9-build00167" targetFramework="net452" />
13 |   <package id="Microsoft.ApplicationInsights.PerfCounterCollector" version="2.0.0" targetFramework="net452" />
14 |   <package id="Microsoft.ApplicationInsights.Web" version="2.0.0" targetFramework="net452" />
15 |   <package id="Microsoft.ApplicationInsights.WindowsServer" version="2.0.0" targetFramework="net452" />
16 |   <package id="Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel" version="2.0.0" targetFramework="net452" />
17 |   <package id="Microsoft.AspNet.Identity.Core" version="2.2.1" targetFramework="net452" />
18 |   <package id="Microsoft.AspNet.Identity.Core.zh-Hans" version="2.2.1" targetFramework="net452" />
19 |   <package id="Microsoft.AspNet.Identity.EntityFramework" version="2.2.1" targetFramework="net452" />
20 |   <package id="Microsoft.AspNet.Identity.EntityFramework.zh-Hans" version="2.2.1" targetFramework="net452" />
21 |   <package id="Microsoft.AspNet.Identity.Owin" version="2.2.1" targetFramework="net452" />
22 |   <package id="Microsoft.AspNet.Identity.Owin.zh-Hans" version="2.2.1" targetFramework="net452" />
23 |   <package id="Microsoft.AspNet.Mvc" version="5.2.3" targetFramework="net452" />
24 |   <package id="Microsoft.AspNet.Mvc.zh-Hans" version="5.2.3" targetFramework="net452" />
25 |   <package id="Microsoft.AspNet.Razor" version="3.2.3" targetFramework="net452" />
26 |   <package id="Microsoft.AspNet.Razor.zh-Hans" version="3.2.3" targetFramework="net452" />
27 |   <package id="Microsoft.AspNet.Web.Optimization" version="1.1.3" targetFramework="net452" />
28 |   <package id="Microsoft.AspNet.Web.Optimization.zh-Hans" version="1.1.3" targetFramework="net452" />
29 |   <package id="Microsoft.AspNet.WebPages" version="3.2.3" targetFramework="net452" />
30 |   <package id="Microsoft.AspNet.WebPages.zh-Hans" version="3.2.3" targetFramework="net452" />
31 |   <package id="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" version="1.0.0" targetFramework="net452" />
32 |   <package id="Microsoft.jQuery.Unobtrusive.Validation" version="3.2.3" targetFramework="net452" />
33 |   <package id="Microsoft.Net.Compilers" version="1.0.0" targetFramework="net452" developmentDependency="true" />
34 |   <package id="Microsoft.Owin" version="3.0.1" targetFramework="net452" />
35 |   <package id="Microsoft.Owin.Host.SystemWeb" version="3.0.1" targetFramework="net452" />
36 |   <package id="Microsoft.Owin.Host.SystemWeb.zh-Hans" version="3.0.1" targetFramework="net452" />
37 |   <package id="Microsoft.Owin.Security" version="3.0.1" targetFramework="net452" />
38 |   <package id="Microsoft.Owin.Security.Cookies" version="3.0.1" targetFramework="net452" />
39 |   <package id="Microsoft.Owin.Security.Facebook" version="3.0.1" targetFramework="net452" />
40 |   <package id="Microsoft.Owin.Security.Facebook.zh-Hans" version="3.0.1" targetFramework="net452" />
41 |   <package id="Microsoft.Owin.Security.Google" version="3.0.1" targetFramework="net452" />
42 |   <package id="Microsoft.Owin.Security.Google.zh-Hans" version="3.0.1" targetFramework="net452" />
43 |   <package id="Microsoft.Owin.Security.MicrosoftAccount" version="3.0.1" targetFramework="net452" />
44 |   <package id="Microsoft.Owin.Security.MicrosoftAccount.zh-Hans" version="3.0.1" targetFramework="net452" />
45 |   <package id="Microsoft.Owin.Security.OAuth" version="3.0.1" targetFramework="net452" />
46 |   <package id="Microsoft.Owin.Security.Twitter" version="3.0.1" targetFramework="net452" />
47 |   <package id="Microsoft.Owin.Security.Twitter.zh-Hans" version="3.0.1" targetFramework="net452" />
48 |   <package id="Microsoft.Owin.Security.zh-Hans" version="3.0.1" targetFramework="net452" />
49 |   <package id="Microsoft.Owin.zh-Hans" version="3.0.1" targetFramework="net452" />
50 |   <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net452" />
51 |   <package id="Modernizr" version="2.6.2" targetFramework="net452" />
52 |   <package id="Newtonsoft.Json" version="6.0.4" targetFramework="net452" />
53 |   <package id="Owin" version="1.0" targetFramework="net452" />
54 |   <package id="Respond" version="1.2.0" targetFramework="net452" />
55 |   <package id="WebGrease" version="1.5.2" targetFramework="net452" />
56 | </packages>


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # xxe-lab
 2 | 
 3 | ![XXE-Lab](doc/XXE-LAB.png)
 4 | 
 5 | xxe-lab是一个使用php,java,python,C#四种当下最常用语言的网站编写语言来编写的一个存在xxe漏洞的web demo。
 6 | 
 7 | 由于xxe的payload在不同的语言内置的xml解析器中解析效果不一样，为了研究它们的不同。我分别使用当下最常用的四种网站编写语言写了存在xxe漏洞的web dome,为了以后得测试方便，就将这些demoe整合为xxe-lab。代码力求简洁简单，尽量只使用原生库，同时在注释部分包含了修复漏洞的代码。ruby版本有时间再加入！
 8 | 
 9 | ## 安装
10 | #### 1.php_xxe
11 | 
12 | 直接放在php web页面下即可运行。
13 | 
14 | #### 2.java_xxe
15 | 
16 | java_xxe是serlvet项目，直接导入eclipse当中即可部署运行。
17 | 
18 | #### 3.python_xxe: 
19 | 
20 | * 安装好Flask模块
21 | * python xxe.py
22 | 
23 | #### 4.Csharp_xxe 
24 | 直接导入VS中运行
25 | ## 主界面
26 | 
27 | ![php_xxe](doc/php_xxe.png)
28 | 
29 | ![java_xxe](doc/java_xxe.png)
30 | 
31 | ![python_xxe](doc/python_xxe.png)
32 | 
33 | ![Csharp_xxe](doc/Csharp_xxe.png)
34 | 
35 | ## 测试
36 | 搭建好环境后就可以对各个语言版本进行测试了。这里以PHP为例子。
37 | 
38 | ![php XXE演示](doc/php_xxe_demo.gif)
39 | 


--------------------------------------------------------------------------------
/doc/Csharp_xxe.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/xxe-lab/49e7f8e73092a32404dea0a2bd4bd099662a12bd/doc/Csharp_xxe.png


--------------------------------------------------------------------------------
/doc/XXE-LAB.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/xxe-lab/49e7f8e73092a32404dea0a2bd4bd099662a12bd/doc/XXE-LAB.png


--------------------------------------------------------------------------------
/doc/java_xxe.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/xxe-lab/49e7f8e73092a32404dea0a2bd4bd099662a12bd/doc/java_xxe.png


--------------------------------------------------------------------------------
/doc/php_xxe.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/xxe-lab/49e7f8e73092a32404dea0a2bd4bd099662a12bd/doc/php_xxe.png


--------------------------------------------------------------------------------
/doc/php_xxe_demo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/xxe-lab/49e7f8e73092a32404dea0a2bd4bd099662a12bd/doc/php_xxe_demo.gif


--------------------------------------------------------------------------------
/doc/python_xxe.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/xxe-lab/49e7f8e73092a32404dea0a2bd4bd099662a12bd/doc/python_xxe.png


--------------------------------------------------------------------------------
/java_xxe/.classpath:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <classpath>
 3 | 	<classpathentry kind="src" path="src"/>
 4 | 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/jre1.8.0_131">
 5 | 		<attributes>
 6 | 			<attribute name="owner.project.facets" value="java"/>
 7 | 		</attributes>
 8 | 	</classpathentry>
 9 | 	<classpathentry kind="con" path="org.eclipse.jst.server.core.container/org.eclipse.jst.server.tomcat.runtimeTarget/Apache Tomcat v7.0">
10 | 		<attributes>
11 | 			<attribute name="owner.project.facets" value="jst.web"/>
12 | 		</attributes>
13 | 	</classpathentry>
14 | 	<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/>
15 | 	<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
16 | 	<classpathentry kind="output" path="build/classes"/>
17 | </classpath>
18 | 


--------------------------------------------------------------------------------
/java_xxe/.project:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <projectDescription>
 3 | 	<name>java_xxe</name>
 4 | 	<comment></comment>
 5 | 	<projects>
 6 | 	</projects>
 7 | 	<buildSpec>
 8 | 		<buildCommand>
 9 | 			<name>org.eclipse.jdt.core.javabuilder</name>
10 | 			<arguments>
11 | 			</arguments>
12 | 		</buildCommand>
13 | 		<buildCommand>
14 | 			<name>org.eclipse.wst.common.project.facet.core.builder</name>
15 | 			<arguments>
16 | 			</arguments>
17 | 		</buildCommand>
18 | 		<buildCommand>
19 | 			<name>org.eclipse.wst.validation.validationbuilder</name>
20 | 			<arguments>
21 | 			</arguments>
22 | 		</buildCommand>
23 | 	</buildSpec>
24 | 	<natures>
25 | 		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
26 | 		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
27 | 		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
28 | 		<nature>org.eclipse.jdt.core.javanature</nature>
29 | 		<nature>org.eclipse.wst.jsdt.core.jsNature</nature>
30 | 	</natures>
31 | </projectDescription>
32 | 


--------------------------------------------------------------------------------
/java_xxe/WebContent/META-INF/MANIFEST.MF:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 | Class-Path: 
3 | 
4 | 


--------------------------------------------------------------------------------
/java_xxe/WebContent/WEB-INF/web.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <web-app xmlns="http://java.sun.com/xml/ns/javaee"  
 3 |   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
 4 |   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"  
 5 |   version="3.0">  
 6 | <servlet>
 7 |     <servlet-name>doLogin</servlet-name>
 8 |     <servlet-class>me.gv7.xxe.LoginServlet</servlet-class>
 9 | </servlet>
10 | <servlet-mapping>
11 |     <servlet-name>doLogin</servlet-name>
12 |     <url-pattern>/doLogin</url-pattern>
13 | </servlet-mapping>
14 | </web-app>


--------------------------------------------------------------------------------
/java_xxe/WebContent/css/demo.css:
--------------------------------------------------------------------------------
  1 | .logo-container{
  2 |     left: 50px;
  3 |     position: absolute;
  4 |     top: 20px;
  5 |     z-index: 3;
  6 | }
  7 | .logo-container .logo{
  8 |     overflow: hidden;
  9 |     border-radius: 50%;
 10 |     border: 1px solid #333333;
 11 |     width: 60px;
 12 |     float: left;
 13 | }
 14 | .logo-container .brand{
 15 |     font-size: 18px;
 16 |     color: #FFF;
 17 |     line-height: 20px;
 18 |     float: left;
 19 |     margin-left: 10px;
 20 |     margin-top: 10px;
 21 |     width: 60px
 22 | }
 23 | 
 24 | body{
 25 |     background-color: #CCCCCC;
 26 | }
 27 | 
 28 | .section .wizard-card{
 29 |     min-height: inherit;
 30 | }
 31 | 
 32 | .tim-row{
 33 |     margin-bottom: 20px;
 34 | }
 35 | 
 36 | .tim-white-buttons {
 37 |     background-color: #777777;
 38 | }
 39 | .title{
 40 |     margin-top: 30px;
 41 |     margin-bottom: 25px;
 42 |     min-height: 32px;
 43 |     font-weight: 500;
 44 | }
 45 | 
 46 | 
 47 | 
 48 | .title.text-center{
 49 |     margin-bottom: 50px;
 50 | }
 51 | .tim-typo{
 52 |     padding-left: 25%;
 53 |     margin-bottom: 40px;
 54 |     position: relative;
 55 | }
 56 | .tim-typo .tim-note{
 57 |     bottom: 10px;
 58 |     color: #c0c1c2;
 59 |     display: block;
 60 |     font-weight: 400;
 61 |     font-size: 13px;
 62 |     line-height: 13px;
 63 |     left: 0;
 64 |     margin-left: 20px;
 65 |     position: absolute;
 66 |     width: 260px;
 67 | }
 68 | .tim-row{
 69 |     padding-top: 50px;
 70 | }
 71 | .tim-row h3{
 72 |     margin-top: 0;
 73 | }
 74 | .switch{
 75 |     margin-right: 20px;
 76 | }
 77 | .copyrights{
 78 | 	text-indent:-9999px;
 79 | 	height:0;
 80 | 	line-height:0;
 81 | 	font-size:0;
 82 | 	overflow:hidden;
 83 | }
 84 | #navbar-full .navbar{
 85 |     border-radius: 0 !important;
 86 |     margin-bottom: 15px;
 87 |     z-index: 2;
 88 | }
 89 | .space{
 90 |     height: 130px;
 91 |     display: block;
 92 | }
 93 | .space-110{
 94 |     height: 110px;
 95 |     display: block;
 96 | }
 97 | .space-50{
 98 |     height: 50px;
 99 |     display: block;
100 | }
101 | .space-70{
102 |     height: 70px;
103 |     display: block;
104 | }
105 | .navigation-example .img-src{
106 |     background-attachment: scroll;
107 | }
108 | 
109 | .navigation-example{
110 |     background-image: url('../img/bg.jpg');
111 |     background-position: center center;
112 |     background-size: cover;
113 |     margin-top:0;
114 |     min-height: 740px;
115 | }
116 | #notifications{
117 |     background-color: #FFFFFF;
118 |     display: block;
119 |     width: 100%;
120 |     position: relative;
121 | }
122 | #notifications .alert-danger{
123 |     margin-bottom: 0px;
124 | }
125 | .tim-note{
126 |     text-transform: capitalize;
127 | }
128 | 
129 | #buttons .btn{
130 |     margin: 0 0px 15px;
131 | }
132 | .space-100{
133 |     height: 100px;
134 |     display: block;
135 |     width: 100%;
136 | }
137 | 
138 | .be-social{
139 |     padding-bottom: 20px;
140 | /*     border-bottom: 1px solid #aaa; */
141 |     margin: 0 auto 40px;
142 | }
143 | .txt-white{
144 |     color: #FFFFFF;
145 | }
146 | .txt-gray{
147 |     color: #ddd !important;
148 | }
149 | 
150 | 
151 | .parallax{
152 |   width:100%;
153 |   height:570px;
154 | 
155 |   display: block;
156 |   background-attachment: fixed;
157 |     background-repeat:no-repeat;
158 |     background-size:cover;
159 |     background-position: center center;
160 | 
161 | }
162 | 
163 | .logo-container.logo-documentation{
164 |     position: relative;
165 |     top: 0;
166 |     left: 0;
167 | }
168 | 
169 | .logo-container .logo{
170 |     overflow: hidden;
171 |     border-radius: 50%;
172 |     border: 1px solid #333333;
173 |     width: 50px;
174 |     float: left;
175 | }
176 | 
177 | .logo-container .brand{
178 |     font-size: 16px;
179 |     line-height: 18px;
180 |     float: left;
181 |     margin-left: 10px;
182 |     margin-top: 7px;
183 |     width: 70px;
184 |     height: 40px;
185 |     text-align: left;
186 | }
187 | 
188 | 
189 | .navbar-default .logo-container .brand{
190 |     color: #999999;
191 | }
192 | .navbar-transparent .logo-container .brand{
193 |     color: #FFFFFF;
194 | }
195 | 
196 | .logo-container .brand-material{
197 |     font-size: 18px;
198 |     margin-top: 15px;
199 |     height: 25px;
200 |     width: auto;
201 | }
202 | 
203 | .logo-container .logo img{
204 |     width: 100%;
205 | }
206 | .navbar-small .logo-container .brand{
207 |     color: #333333;
208 | }
209 | 
210 | .fixed-section{
211 |     top: 90px;
212 |     max-height: 80vh;
213 |     overflow: scroll;
214 | }
215 | .fixed-section ul li{
216 |     list-style: none;
217 | }
218 | .fixed-section li a{
219 |     font-size: 14px;
220 |     padding: 2px;
221 |     display: block;
222 |     color: #666666;
223 | }
224 | .fixed-section li a.active{
225 |     color: #00bbff;
226 | }
227 | .fixed-section.float{
228 |     position: fixed;
229 |     top: 100px;
230 |     width: 200px;
231 |     margin-top: 0;
232 | }
233 | 
234 | 
235 | .parallax .parallax-image{
236 |     width: 100%;
237 |     overflow: hidden;
238 |     position: absolute;
239 | }
240 | .parallax .parallax-image img{
241 |     width: 100%;
242 | }
243 | 
244 | @media (max-width: 768px){
245 |     .parallax .parallax-image{
246 |          width: 100%;
247 |          height: 640px;
248 |          overflow: hidden;
249 |      }
250 |     .parallax .parallax-image img{
251 |        height: 100%;
252 |        width: auto;
253 |    }
254 | }
255 | 
256 | .separator{
257 |     content: "Separator";
258 |     color: #FFFFFF;
259 |     display: block;
260 |     width: 100%;
261 |     padding: 20px;
262 | }
263 | .separator-line{
264 |     background-color: #EEE;
265 |     height: 1px;
266 |     width: 100%;
267 |     display: block;
268 | }
269 | .separator.separator-gray{
270 |     background-color: #EEEEEE;
271 | }
272 | .social-buttons-demo .btn{
273 |     margin-right: 5px;
274 |     margin-bottom: 7px;
275 | }
276 | 
277 | .img-container{
278 |     width: 100%;
279 |     overflow: hidden;
280 | }
281 | .img-container img{
282 |     width: 100%;
283 | }
284 | 
285 | .lightbox img{
286 |     width: 100%;
287 | }
288 | .lightbox .modal-content{
289 |     overflow: hidden;
290 | }
291 | .lightbox .modal-body{
292 |     padding: 0;
293 | }
294 | @media screen and (min-width: 991px){
295 |     .lightbox .modal-dialog{
296 |         width: 960px;
297 |     }
298 | }
299 | 
300 | @media (max-width: 768px){
301 |     .btn, .btn-morphing{
302 |         margin-bottom: 10px;
303 |     }
304 |     .parallax .motto{
305 |         top: 170px;
306 |         margin-top: 0;
307 |         font-size: 60px;
308 |         width: 270px;
309 |     }
310 | }
311 | 
312 | /*       Loading dots  */
313 | 
314 | /*      transitions */
315 | .presentation .front, .presentation .front:after, .presentation .front .btn, .logo-container .logo, .logo-container .brand{
316 |      -webkit-transition: all .2s;
317 |     -moz-transition: all .2s;
318 |     -o-transition: all .2s;
319 |     transition: all .2s;
320 | }
321 | 
322 | 
323 | #images h4{
324 |     margin-bottom: 30px;
325 | }
326 | #javascriptComponents{
327 |     padding-bottom: 0;
328 | }
329 | #javascriptComponents .btn-raised{
330 |     margin: 10px 5px;
331 | }
332 | 
333 | 
334 | /*      layer animation          */
335 | 
336 | .layers-container{
337 |     display: block;
338 |     margin-top: 50px;
339 |     position: relative;
340 | }
341 | .layers-container img {
342 |   position: absolute;
343 |   width: 100%;
344 |   height: auto;
345 |   top: 0;
346 |   left: 0;
347 |   text-align: center;
348 | }
349 | 
350 | .section-black {
351 |   background-color: #333;
352 | }
353 | 
354 | .animate {
355 |   transition: 1.5s ease-in-out;
356 |   -moz-transition: 1.5s ease-in-out;
357 |   -webkit-transition: 1.5s ease-in-out;
358 | }
359 | 
360 | .navbar-default.navbar-small .logo-container .brand{
361 |     color: #333333;
362 | }
363 | .navbar-transparent.navbar-small .logo-container .brand{
364 |     color: #FFFFFF;
365 | }
366 | .navbar-default.navbar-small .logo-container .brand{
367 |     color: #333333;
368 | }
369 | 
370 | .sharing-area{
371 |     margin-top: 80px;
372 | }
373 | .sharing-area .btn{
374 |     margin: 15px 4px 0;
375 |     color: #FFFFFF;
376 | }
377 | .sharing-area .btn i{
378 |     font-size: 18px;
379 |     position: relative;
380 |     top: 2px;
381 |     margin-right: 5px;
382 | }
383 | .sharing-area .btn-twitter{
384 |     background-color: #55acee;
385 | }
386 | .sharing-area .btn-facebook{
387 |     background-color: #3b5998;
388 | }
389 | .sharing-area .btn-google-plus{
390 |     background-color: #dd4b39;
391 | }
392 | .sharing-area .btn-github{
393 |     background-color: #333333;
394 | }
395 | .section-thin,
396 | .section-notifications{
397 |     padding: 0;
398 | }
399 | .section-navbars{
400 |     padding-top: 0;
401 | }
402 | #navbar .navbar{
403 |     border-radius: 0;
404 | }
405 | .section-tabs{
406 |     background: #EEEEEE;
407 | }
408 | .section-pagination{
409 |     padding-bottom: 0;
410 | }
411 | .section-download h4{
412 |     margin-bottom: 50px;
413 | }
414 | .section-examples a{
415 |     text-decoration: none;
416 | }
417 | .section-examples h5{
418 |     margin-top: 30px;
419 | }
420 | .components-page .wrapper > .header,
421 | .tutorial-page .wrapper > .header{
422 |     height: 400px;
423 |     padding-top: 100px;
424 |     background-size: cover;
425 |     background-position: center center;
426 | }
427 | .components-page .title,
428 | .tutorial-page .title{
429 |     color: #FFFFFF;
430 | }
431 | 
432 | .main {
433 |   background: #FFFFFF;
434 |   position: relative;
435 |   z-index: 3;
436 | }
437 | 
438 | .main-raised {
439 |     margin: -60px 30px 0px;
440 |     border-radius: 6px;
441 |     box-shadow: 0 16px 24px 2px rgba(0, 0, 0, 0.14), 0 6px 30px 5px rgba(0, 0, 0, 0.12), 0 8px 10px -5px rgba(0, 0, 0, 0.2);
442 | }
443 | 
444 | .header-filter {
445 |   position: relative;
446 | }
447 | .header-filter:before, .header-filter:after {
448 |   position: absolute;
449 |   z-index: 1;
450 |   width: 100%;
451 |   height: 100%;
452 |   display: block;
453 |   left: 0;
454 |   top: 0;
455 |   content: "";
456 | }
457 | .header-filter::before {
458 |   background-color: rgba(0, 0, 0, 0.4);
459 | }
460 | .header-filter .container {
461 |   z-index: 2;
462 |   position: relative;
463 | }
464 | 
465 | .section {
466 |   padding: 70px 0;
467 |   background-position: center center;
468 |   background-size: cover;
469 | }
470 | 
471 | 
472 | 
473 | .navbar {
474 |   border: 0;
475 |   border-radius: 3px;
476 |   box-shadow: 0 10px 20px -12px rgba(0, 0, 0, 0.42), 0 3px 20px 0px rgba(0, 0, 0, 0.12), 0 8px 10px -5px rgba(0, 0, 0, 0.2);
477 |   padding: 10px 0;
478 | 
479 |   -webkit-transition: all 150ms ease 0s;
480 |  -moz-transition: all 150ms ease 0s;
481 |  -o-transition: all 150ms ease 0s;
482 |  -ms-transition: all 150ms ease 0s;
483 |  transition: all 150ms ease 0s;
484 | }
485 | .navbar .navbar-brand {
486 |   position: relative;
487 |   height: 50px;
488 |   line-height: 30px;
489 |   color: inherit;
490 |   padding: 10px 15px;
491 | }
492 | .navbar .navbar-brand:hover, .navbar .navbar-brand:focus {
493 |   color: inherit;
494 |   background-color: transparent;
495 | }
496 | 
497 | .navbar.navbar-transparent {
498 |   background-color: transparent;
499 |   box-shadow: none;
500 |   color: #fff;
501 |   padding-top: 25px;
502 | }
503 | 
504 | .navbar-fixed-top {
505 |   border-radius: 0;
506 | }
507 | 
508 | .navbar .navbar-nav > li > a .material-icons,
509 | .navbar .navbar-nav > li > a .fa {
510 |   font-size: 20px;
511 |   max-width: 20px;
512 | }
513 | .navbar .navbar-nav > li > a:hover,
514 | .navbar .navbar-nav > li > a:focus {
515 |     color: inherit;
516 |     background-color: transparent;
517 | }
518 | 
519 | .navbar .navbar-nav > li > a:not(.btn) .material-icons {
520 |   margin-top: -3px;
521 |   top: 0px;
522 |   position: relative;
523 |   margin-right: 3px;
524 | }
525 | 
526 | .navbar, .navbar.navbar-default {
527 |   background-color: #9c27b0;
528 |   color: #FFFFFF;
529 | }
530 | 
531 | .navbar .navbar-nav > li > a {
532 |   color: inherit;
533 |   padding-top: 15px;
534 |   padding-bottom: 15px;
535 |   font-weight: 400;
536 |   font-size: 12px;
537 |   text-transform: uppercase;
538 |   border-radius: 3px;
539 | }
540 | @media (max-width: 1199px) {
541 | 
542 |   .navbar .navbar-brand {
543 |     height: 50px;
544 |     padding: 10px 15px;
545 |   }
546 |   .navbar .navbar-nav > li > a {
547 |     padding-top: 15px;
548 |     padding-bottom: 15px;
549 |   }
550 | }
551 | 
552 | footer {
553 |   padding: 15px 0;
554 |   text-align: center;
555 | 
556 | }
557 | .footer a{
558 |     font-weight: bold;
559 | }
560 | 
561 | footer.footer-documentation{
562 |     margin-top: 0;
563 |     bottom: 0;
564 |     text-shadow: none;
565 |     color: inherit;
566 | }
567 | 
568 | footer.footer-documentation li a{
569 |     color: inherit;
570 | }
571 | 
572 | footer.footer-documentation li a:hover,
573 | footer.footer-documentation li a:focus{
574 |     color: #89229b;
575 | }
576 | 
577 | footer ul {
578 |   margin-bottom: 0;
579 |   padding: 0;
580 |   list-style: none;
581 | }
582 | footer ul li {
583 |   display: inline-block;
584 | }
585 | footer ul li a {
586 |   color: inherit;
587 |   padding: 15px;
588 |   font-weight: 500;
589 |   font-size: 12px;
590 |   text-transform: uppercase;
591 |   border-radius: 3px;
592 |   text-decoration: none;
593 |   position: relative;
594 |   display: block;
595 | }
596 | footer ul li a:hover {
597 |   text-decoration: none;
598 | }
599 | footer ul li .btn {
600 |   margin: 0;
601 | }
602 | footer ul.links-horizontal:first-child a {
603 |   padding-left: 0;
604 | }
605 | footer ul.links-horizontal:last-child a {
606 |   padding-right: 0;
607 | }
608 | footer ul.links-vertical li {
609 |   display: block;
610 | }
611 | footer ul.links-vertical li a {
612 |   padding: 5px 0;
613 | }
614 | footer .social-buttons a,
615 | footer .social-buttons .btn {
616 |   margin-top: 5px;
617 |   margin-bottom: 5px;
618 | }
619 | footer .footer-brand {
620 |   float: left;
621 |   height: 50px;
622 |   padding: 15px 15px;
623 |   font-size: 18px;
624 |   line-height: 20px;
625 |   margin-left: -15px;
626 | }
627 | footer .footer-brand:hover, footer .footer-brand:focus {
628 |   color: #3C4858;
629 | }
630 | footer .copyright {
631 |   padding: 15px 0;
632 |   text-align: center;
633 | }
634 | footer .copyright .material-icons {
635 |   font-size: 18px;
636 |   position: relative;
637 |   top: 3px;
638 | }
639 | footer .pull-center {
640 |   display: inline-block;
641 |   float: none;
642 | }
643 | 
644 | @media (max-width: 768px) {
645 |   .footer .copyright {
646 |     display: inline-block;
647 |     text-align: center;
648 |     padding: 10px 0;
649 |     float: none !important;
650 |     width: 100%;
651 |   }
652 | 
653 |   .navbar.navbar-transparent {
654 |     background-color: rgba(0, 0, 0, 0.4);
655 |     padding-top: 10px;
656 |     border-radius: 0;
657 |   }
658 | 
659 |   .main-raised {
660 |     margin-left: 10px;
661 |     margin-right: 10px;
662 |   }
663 | }
664 | 


--------------------------------------------------------------------------------
/java_xxe/WebContent/css/font.css:
--------------------------------------------------------------------------------
 1 | 
 2 | @font-face {font-family: "iconfont";
 3 |   src: url('//at.alicdn.com/t/font_566036_189jqg1gbohfflxr.eot?t=1517926461910'); /* IE9*/
 4 |   src: url('//at.alicdn.com/t/font_566036_189jqg1gbohfflxr.eot?t=1517926461910#iefix') format('embedded-opentype'), /* IE6-IE8 */
 5 |   url('data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAAXUAAsAAAAACFwAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABHU1VCAAABCAAAADMAAABCsP6z7U9TLzIAAAE8AAAARAAAAFZW7kggY21hcAAAAYAAAABlAAABnM8LapNnbHlmAAAB6AAAAe8AAAIkfsWBm2hlYWQAAAPYAAAALwAAADYQXvaJaGhlYQAABAgAAAAcAAAAJAfeA4VobXR4AAAEJAAAABAAAAAQD+kAAGxvY2EAAAQ0AAAACgAAAAoBiADEbWF4cAAABEAAAAAfAAAAIAETAF1uYW1lAAAEYAAAAUUAAAJtPlT+fXBvc3QAAAWoAAAAKgAAADtO+ggHeJxjYGRgYOBikGPQYWB0cfMJYeBgYGGAAJAMY05meiJQDMoDyrGAaQ4gZoOIAgCKIwNPAHicY2Bk/sU4gYGVgYOpk+kMAwNDP4RmfM1gxMjBwMDEwMrMgBUEpLmmMDgwVDwzYW7438AQw9zA0AAUZgTJAQAn3gyieJzFkMENwCAMA51CK1R1Ct59og7UV0dg4qxBncCHCTC6kFiWggCwAwjkJhGQDwLTS1fcDzjdj3g4J56Nd9WspbWpM4knknfBknJgmWTd6lmX1zIm++864BM1d8zX0sH2A991EMsAAAB4nDXQT2sTQRgG8Hlmsn8Sk93uTjabbLpJNrG70bVR003ipiS9eLFYiJQexFNP4kERPBRUNCCCiAdzFwQb8OjRS5UI+hlM0IOin8FbVycUZ15434H38HuGSIT8/cmOWJFw0iQXyWUyIgRyiLpGXXhB1KIhLE+y7LzGgkbgKY16iw1g1+V8od2NfFtWZB0aKtjw2t2gRQN0oiHdRLvgAqWys2uurZrsJTLFoPI02aZvYFUbq/pwPblybivfrnH1IGuaJdN8ocqSpFKa0jXctgtpKZ2Rk6mkO9ZR9QytIlsKnKvXc7Wyuf8suuOu2WlgPAYv17S3W4ZjiHroFLhZUlZyatHJNU7ncfD7VJFnXf8XESclsh6zxzQhKjGIS9ZF0rxc96NuuyD9H5gGpQJ7iF4LrIWg07OD5a2KjHjCXS4Kg5P+aTqXpPn0cJFKLQ4nM7Z7/+xn67v/GqkZ+s0oGkVR86ThldiYLvfE9vEFNptknm/feHRrf3RXn8yEjQrbB3aT7QnXeeHy/G6vAsXu0kCm9oZAGULlCZYhXNZSO4DgDcU/ixdDci+1Mn5QVfYym++/1GQ17AP9EPMwBuI/AqubgB8HJhaXfhjpjxo4KHeTrx3EYfIujCmNQ1wL4+Tbjsa5tpOucNf3XV75B4awZxYAeJxjYGRgYABipxW+C+P5bb4ycLMwgMC1+TdtEfT/vSwMzKFALgcDE0gUADKhCsEAeJxjYGRgYG7438AQw8IAAkCSkQEVsAAARwoCbQQAAAAD6QAABAAAAAQAAAAAAAAAAHYAxAESAAB4nGNgZGBgYGEIZGBlAAEmIOYCQgaG/2A+AwAREgFxAHicZY9NTsMwEIVf+gekEqqoYIfkBWIBKP0Rq25YVGr3XXTfpk6bKokjx63UA3AejsAJOALcgDvwSCebNpbH37x5Y08A3OAHHo7fLfeRPVwyO3INF7gXrlN/EG6QX4SbaONVuEX9TdjHM6bCbXRheYPXuGL2hHdhDx18CNdwjU/hOvUv4Qb5W7iJO/wKt9Dx6sI+5l5XuI1HL/bHVi+cXqnlQcWhySKTOb+CmV7vkoWt0uqca1vEJlODoF9JU51pW91T7NdD5yIVWZOqCas6SYzKrdnq0AUb5/JRrxeJHoQm5Vhj/rbGAo5xBYUlDowxQhhkiMro6DtVZvSvsUPCXntWPc3ndFsU1P9zhQEC9M9cU7qy0nk6T4E9XxtSdXQrbsuelDSRXs1JErJCXta2VELqATZlV44RelzRiT8oZ0j/AAlabsgAAAB4nGNgYoAALgbsgIWRiZGZkYWRlYGxgi0zOT/P2IAlNzM3kYEBACnOBFYAAA==') format('woff'),
 6 |   url('//at.alicdn.com/t/font_566036_189jqg1gbohfflxr.ttf?t=1517926461910') format('truetype'), /* chrome, firefox, opera, Safari, Android, iOS 4.2+*/
 7 |   url('//at.alicdn.com/t/font_566036_189jqg1gbohfflxr.svg?t=1517926461910#iconfont') format('svg'); /* iOS 4.1- */
 8 | }
 9 | 
10 | .iconfont {
11 |   font-family:"iconfont" !important;
12 |   font-size:16px;
13 |   font-style:normal;
14 |   -webkit-font-smoothing: antialiased;
15 |   -moz-osx-font-smoothing: grayscale;
16 | }
17 | 
18 | .icon-icon30:before { content: "\e634"; }
19 | 
20 | .icon-mima:before { content: "\e622"; }
21 | 
22 | 


--------------------------------------------------------------------------------
/java_xxe/WebContent/css/icon.css:
--------------------------------------------------------------------------------
 1 | @font-face {
 2 |   font-family: 'Material Icons';
 3 |   font-style: normal;
 4 |   font-weight: 400;
 5 |   src: url(https://fonts.gstatic.com/s/materialicons/v36/2fcrYFNaTjcS6g4U3t-Y5SQZRqoBW5Q4K_a7BOZJO20.eot);
 6 | }
 7 | @font-face {
 8 |   font-family: 'Roboto';
 9 |   font-style: normal;
10 |   font-weight: 400;
11 |   src: url(https://fonts.gstatic.com/s/roboto/v18/5YB-ifwqHP20Yn46l_BDhA.eot);
12 | }
13 | @font-face {
14 |   font-family: 'Roboto Slab';
15 |   font-style: normal;
16 |   font-weight: 400;
17 |   src: url(https://fonts.gstatic.com/s/robotoslab/v7/y7lebkjgREBJK96VQi37ZmfQcKutQXcIrRfyR5jdjY8.eot);
18 | }
19 | 
20 | .material-icons {
21 |   font-family: 'Material Icons';
22 |   font-weight: normal;
23 |   font-style: normal;
24 |   font-size: 24px;
25 |   line-height: 1;
26 |   letter-spacing: normal;
27 |   text-transform: none;
28 |   display: inline-block;
29 |   white-space: nowrap;
30 |   word-wrap: normal;
31 |   direction: ltr;
32 | }
33 | 


--------------------------------------------------------------------------------
/java_xxe/WebContent/img/favicon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/xxe-lab/49e7f8e73092a32404dea0a2bd4bd099662a12bd/java_xxe/WebContent/img/favicon.png


--------------------------------------------------------------------------------
/java_xxe/WebContent/img/java_logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/xxe-lab/49e7f8e73092a32404dea0a2bd4bd099662a12bd/java_xxe/WebContent/img/java_logo.png


--------------------------------------------------------------------------------
/java_xxe/WebContent/index.html:
--------------------------------------------------------------------------------
  1 | <!doctype html>
  2 | <html lang="en">
  3 | <head>
  4 | 	<meta charset="utf-8" />
  5 | 	<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
  6 | 	<link rel="shortcut icon" href="img/favicon.png" type="image/x-icon">
  7 | 
  8 | 	<title>XXE-Lab</title>
  9 | 
 10 | 	<meta content='width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0' name='viewport' />
 11 |     <meta name="viewport" content="width=device-width" />
 12 | 
 13 | 	<link rel="stylesheet" type="text/css" href="css/font.css" />
 14 | 	<link href="css/bootstrap.min.css" rel="stylesheet" />
 15 | 	<link href="css/material-bootstrap-wizard.css" rel="stylesheet" />
 16 | </head>
 17 | 
 18 | <body>
 19 | 	<div class="image-container set-full-height" style="background-color: #272822;">
 20 | 	    <!--   Creative Tim Branding   -->
 21 | 	    <!--   Big container   -->
 22 | 	    <div class="container" style="width: 970px;">
 23 | 	        <div class="row">
 24 | 		        <div class="col-sm-8 col-sm-offset-2">
 25 | 		            <!--      Wizard container        -->
 26 | 		            <div class="wizard-container">
 27 | 		                <div class="card wizard-card" data-color="green" id="wizardProfile">
 28 | 		                    <form>
 29 | 		                    	<div class="wizard-header">
 30 | 		                        	<h3 class="wizard-title">
 31 | 		                        	   <a href="http://github.com/c0ny1/xxe-lab">XXE-Lab for Java</a>
 32 | 		                        	</h3>
 33 | 									<img src="img/java_logo.png">
 34 | 		                    	</div>
 35 | 								<div class="wizard-navigation">
 36 | 									<ul>
 37 | 			                            <li><a href="#about" data-toggle="tab">tips:</a></li>
 38 | 			                            <li><a href="javascript:void(0)" ><span style="color:red;" class="msg"></span></a></li>
 39 | 										<li><a href="javascript:void(0)"></a></li>
 40 | 			                        </ul>
 41 | 								</div>
 42 | 
 43 | 		                        <div class="tab-content">
 44 | 		                            <div class="tab-pane" id="about">
 45 | 		                              <div class="row">
 46 | 		                                	<div class="col-sm-6">
 47 | 												<div class="input-group" style="margin-left: 30%;">
 48 | 													<span class="input-group-addon">
 49 | 														<i class="iconfont icon-icon30" style="font-size:25px;"></i>
 50 | 													</span>
 51 | 													<div class="form-group label-floating">
 52 | 			                                          <label class="control-label">UserName</label>
 53 | 			                                          <input id="username" name="username" style="width: 200%;" type="text" class="form-control">
 54 | 			                                        </div>
 55 | 												</div>
 56 | 												<div class="input-group" style="margin-left: 30%;">
 57 | 													<span class="input-group-addon">
 58 | 														<i class="iconfont icon-mima" style="font-size:25px;"></i>
 59 | 													</span>
 60 | 													<div class="form-group label-floating">
 61 | 													  <label class="control-label">Password</label>
 62 | 													  <input id="password" name="password" style="width: 200%;" type="password" class="form-control">
 63 | 													</div>
 64 | 												</div>
 65 | 		                                	</div>
 66 | 		                            	</div>
 67 | 		                            </div>
 68 | 		                            
 69 | 		                            
 70 | 		                        </div>
 71 | 		                        <div class="wizard-footer">
 72 | 		                            <div class="pull-right">
 73 | 		                                <input type='button' class='btn btn-fill btn-success btn-wd' name='next' value='login' onclick="javascript:doLogin()" />
 74 | 		                            </div>
 75 | 
 76 | 		                            <div class="clearfix"></div>
 77 | 		                        </div>
 78 | 		                    </form>
 79 | 		                </div>
 80 | 		            </div> <!-- wizard container -->
 81 | 		        </div>
 82 | 	        </div><!-- end row -->
 83 | 	    </div> <!--  big container -->
 84 | 
 85 | 	    <div class="footer">
 86 | 	        <div class="container text-center">
 87 | 	             Copyright By <a href="http://gv7.me">c0ny1</a>
 88 | 	        </div>
 89 | 	    </div>
 90 | 	</div>
 91 | </body>
 92 | <!--   Core JS Files   -->
 93 | <script src="js/jquery-2.2.4.min.js" type="text/javascript"></script>
 94 | <script src="js/bootstrap.min.js" type="text/javascript"></script>
 95 | <script src="js/jquery.bootstrap.js" type="text/javascript"></script>
 96 | 
 97 | <!--  Plugin for the Wizard -->
 98 | <script src="js/material-bootstrap-wizard.js"></script>
 99 | 
100 | <script src="js/jquery.validate.min.js"></script>
101 | <script type='text/javascript'> 
102 | function doLogin(){
103 | 	var username = $("#username").val();
104 | 	var password = $("#password").val();
105 | 	if(username == "" || password == ""){
106 | 		alert("Please enter the username and password!");
107 | 		return;
108 | 	}
109 | 	
110 | 	var data = "<user><username>" + username + "</username><password>" + password + "</password></user>"; 
111 |     $.ajax({
112 |         type: "POST",
113 |         url: "doLogin",
114 |         contentType: "application/xml;charset=utf-8",
115 |         data: data,
116 |         dataType: "xml",
117 |         anysc: false,
118 |         success: function (result) {
119 |         	var code = result.getElementsByTagName("code")[0].childNodes[0].nodeValue;
120 |         	var msg = result.getElementsByTagName("msg")[0].childNodes[0].nodeValue;
121 |         	if(code == "0"){
122 |         		$(".msg").text(msg + " login fail!");
123 |         	}else if(code == "1"){
124 |         		$(".msg").text(msg + " login success!");
125 |         	}else{
126 |         		$(".msg").text("error:" + msg);
127 |         	}
128 |         },
129 |         error: function (XMLHttpRequest,textStatus,errorThrown) {
130 |             $(".msg").text(errorThrown + ':' + textStatus);
131 |         }
132 |     }); 
133 | }
134 | </script>
135 | </html>
136 | 


--------------------------------------------------------------------------------
/java_xxe/WebContent/js/material-bootstrap-wizard.js:
--------------------------------------------------------------------------------
  1 | /*!
  2 | 
  3 |  =========================================================
  4 |  * Material Bootstrap Wizard - v1.0.2
  5 |  =========================================================
  6 |  
  7 |  * Product Page: https://www.creative-tim.com/product/material-bootstrap-wizard
  8 |  * Copyright 2017 Creative Tim (#)
  9 |  * Licensed under MIT (https://github.com/creativetimofficial/material-bootstrap-wizard/blob/master/LICENSE.md)
 10 |  
 11 |  =========================================================
 12 |  
 13 |  * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 14 |  */
 15 | 
 16 | // Material Bootstrap Wizard Functions
 17 | 
 18 | var searchVisible = 0;
 19 | var transparent = true;
 20 | var mobile_device = false;
 21 | 
 22 | $(document).ready(function(){
 23 | 
 24 |     $.material.init();
 25 | 
 26 |     /*  Activate the tooltips      */
 27 |     $('[rel="tooltip"]').tooltip();
 28 | 
 29 |     // Code for the Validator
 30 |     var $validator = $('.wizard-card form').validate({
 31 | 		  rules: {
 32 | 		    firstname: {
 33 | 		      required: true,
 34 | 		      minlength: 3
 35 | 		    },
 36 | 		    lastname: {
 37 | 		      required: true,
 38 | 		      minlength: 3
 39 | 		    },
 40 | 		    email: {
 41 | 		      required: true,
 42 | 		      minlength: 3,
 43 | 		    }
 44 |         },
 45 | 
 46 |         errorPlacement: function(error, element) {
 47 |             $(element).parent('div').addClass('has-error');
 48 |          }
 49 | 	});
 50 | 
 51 |     // Wizard Initialization
 52 |   	$('.wizard-card').bootstrapWizard({
 53 |         'tabClass': 'nav nav-pills',
 54 |         'nextSelector': '.btn-next',
 55 |         'previousSelector': '.btn-previous',
 56 | 
 57 |         onNext: function(tab, navigation, index) {
 58 |         	var $valid = $('.wizard-card form').valid();
 59 |         	if(!$valid) {
 60 |         		$validator.focusInvalid();
 61 |         		return false;
 62 |         	}
 63 |         },
 64 | 
 65 |         onInit : function(tab, navigation, index){
 66 |             //check number of tabs and fill the entire row
 67 |             var $total = navigation.find('li').length;
 68 |             var $wizard = navigation.closest('.wizard-card');
 69 | 
 70 |             $first_li = navigation.find('li:first-child a').html();
 71 |             $moving_div = $('<div class="moving-tab">' + $first_li + '</div>');
 72 |             $('.wizard-card .wizard-navigation').append($moving_div);
 73 | 
 74 |             refreshAnimation($wizard, index);
 75 | 
 76 |             $('.moving-tab').css('transition','transform 0s');
 77 |        },
 78 | 
 79 |         onTabClick : function(tab, navigation, index){
 80 |             var $valid = $('.wizard-card form').valid();
 81 | 
 82 |             if(!$valid){
 83 |                 return false;
 84 |             } else{
 85 |                 return true;
 86 |             }
 87 |         },
 88 | 
 89 |         onTabShow: function(tab, navigation, index) {
 90 |             var $total = navigation.find('li').length;
 91 |             var $current = index+1;
 92 | 
 93 |             var $wizard = navigation.closest('.wizard-card');
 94 | 
 95 |             // If it's the last tab then hide the last button and show the finish instead
 96 |             if($current >= $total) {
 97 |                 $($wizard).find('.btn-next').hide();
 98 |                 $($wizard).find('.btn-finish').show();
 99 |             } else {
100 |                 $($wizard).find('.btn-next').show();
101 |                 $($wizard).find('.btn-finish').hide();
102 |             }
103 | 
104 |             button_text = navigation.find('li:nth-child(' + $current + ') a').html();
105 | 
106 |             setTimeout(function(){
107 |                 $('.moving-tab').text(button_text);
108 |             }, 150);
109 | 
110 |             var checkbox = $('.footer-checkbox');
111 | 
112 |             if( !index == 0 ){
113 |                 $(checkbox).css({
114 |                     'opacity':'0',
115 |                     'visibility':'hidden',
116 |                     'position':'absolute'
117 |                 });
118 |             } else {
119 |                 $(checkbox).css({
120 |                     'opacity':'1',
121 |                     'visibility':'visible'
122 |                 });
123 |             }
124 | 
125 |             refreshAnimation($wizard, index);
126 |         }
127 |   	});
128 | 
129 | 
130 |     // Prepare the preview for profile picture
131 |     $("#wizard-picture").change(function(){
132 |         readURL(this);
133 |     });
134 | 
135 |     $('[data-toggle="wizard-radio"]').click(function(){
136 |         wizard = $(this).closest('.wizard-card');
137 |         wizard.find('[data-toggle="wizard-radio"]').removeClass('active');
138 |         $(this).addClass('active');
139 |         $(wizard).find('[type="radio"]').removeAttr('checked');
140 |         $(this).find('[type="radio"]').attr('checked','true');
141 |     });
142 | 
143 |     $('[data-toggle="wizard-checkbox"]').click(function(){
144 |         if( $(this).hasClass('active')){
145 |             $(this).removeClass('active');
146 |             $(this).find('[type="checkbox"]').removeAttr('checked');
147 |         } else {
148 |             $(this).addClass('active');
149 |             $(this).find('[type="checkbox"]').attr('checked','true');
150 |         }
151 |     });
152 | 
153 |     $('.set-full-height').css('height', 'auto');
154 | 
155 | });
156 | 
157 | 
158 | 
159 |  //Function to show image before upload
160 | 
161 | function readURL(input) {
162 |     if (input.files && input.files[0]) {
163 |         var reader = new FileReader();
164 | 
165 |         reader.onload = function (e) {
166 |             $('#wizardPicturePreview').attr('src', e.target.result).fadeIn('slow');
167 |         }
168 |         reader.readAsDataURL(input.files[0]);
169 |     }
170 | }
171 | 
172 | $(window).resize(function(){
173 |     $('.wizard-card').each(function(){
174 |         $wizard = $(this);
175 | 
176 |         index = $wizard.bootstrapWizard('currentIndex');
177 |         refreshAnimation($wizard, index);
178 | 
179 |         $('.moving-tab').css({
180 |             'transition': 'transform 0s'
181 |         });
182 |     });
183 | });
184 | 
185 | function refreshAnimation($wizard, index){
186 |     $total = $wizard.find('.nav li').length;
187 |     $li_width = 100/$total;
188 | 
189 |     total_steps = $wizard.find('.nav li').length;
190 |     move_distance = $wizard.width() / total_steps;
191 |     index_temp = index;
192 |     vertical_level = 0;
193 | 
194 |     mobile_device = $(document).width() < 600 && $total > 3;
195 | 
196 |     if(mobile_device){
197 |         move_distance = $wizard.width() / 2;
198 |         index_temp = index % 2;
199 |         $li_width = 50;
200 |     }
201 | 
202 |     $wizard.find('.nav li').css('width',$li_width + '%');
203 | 
204 |     step_width = move_distance;
205 |     move_distance = move_distance * index_temp;
206 | 
207 |     $current = index + 1;
208 | 
209 |     if($current == 1 || (mobile_device == true && (index % 2 == 0) )){
210 |         move_distance -= 8;
211 |     } else if($current == total_steps || (mobile_device == true && (index % 2 == 1))){
212 |         move_distance += 8;
213 |     }
214 | 
215 |     if(mobile_device){
216 |         vertical_level = parseInt(index / 2);
217 |         vertical_level = vertical_level * 38;
218 |     }
219 | 
220 |     $wizard.find('.moving-tab').css('width', step_width);
221 |     $('.moving-tab').css({
222 |         'transform':'translate3d(' + move_distance + 'px, ' + vertical_level +  'px, 0)',
223 |         'transition': 'all 0.5s cubic-bezier(0.29, 1.42, 0.79, 1)'
224 | 
225 |     });
226 | }
227 | 
228 | materialDesign = {
229 | 
230 |     checkScrollForTransparentNavbar: debounce(function() {
231 |                 if($(document).scrollTop() > 260 ) {
232 |                     if(transparent) {
233 |                         transparent = false;
234 |                         $('.navbar-color-on-scroll').removeClass('navbar-transparent');
235 |                     }
236 |                 } else {
237 |                     if( !transparent ) {
238 |                         transparent = true;
239 |                         $('.navbar-color-on-scroll').addClass('navbar-transparent');
240 |                     }
241 |                 }
242 |         }, 17)
243 | 
244 | }
245 | 
246 | function debounce(func, wait, immediate) {
247 | 	var timeout;
248 | 	return function() {
249 | 		var context = this, args = arguments;
250 | 		clearTimeout(timeout);
251 | 		timeout = setTimeout(function() {
252 | 			timeout = null;
253 | 			if (!immediate) func.apply(context, args);
254 | 		}, wait);
255 | 		if (immediate && !timeout) func.apply(context, args);
256 | 	};
257 | };
258 | 


--------------------------------------------------------------------------------
/java_xxe/src/me/gv7/xxe/LoginServlet.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/xxe-lab/49e7f8e73092a32404dea0a2bd4bd099662a12bd/java_xxe/src/me/gv7/xxe/LoginServlet.java


--------------------------------------------------------------------------------
/php_xxe/css/demo.css:
--------------------------------------------------------------------------------
  1 | .logo-container{
  2 |     left: 50px;
  3 |     position: absolute;
  4 |     top: 20px;
  5 |     z-index: 3;
  6 | }
  7 | .logo-container .logo{
  8 |     overflow: hidden;
  9 |     border-radius: 50%;
 10 |     border: 1px solid #333333;
 11 |     width: 60px;
 12 |     float: left;
 13 | }
 14 | .logo-container .brand{
 15 |     font-size: 18px;
 16 |     color: #FFF;
 17 |     line-height: 20px;
 18 |     float: left;
 19 |     margin-left: 10px;
 20 |     margin-top: 10px;
 21 |     width: 60px
 22 | }
 23 | 
 24 | body{
 25 |     background-color: #CCCCCC;
 26 | }
 27 | 
 28 | .section .wizard-card{
 29 |     min-height: inherit;
 30 | }
 31 | 
 32 | .tim-row{
 33 |     margin-bottom: 20px;
 34 | }
 35 | 
 36 | .tim-white-buttons {
 37 |     background-color: #777777;
 38 | }
 39 | .title{
 40 |     margin-top: 30px;
 41 |     margin-bottom: 25px;
 42 |     min-height: 32px;
 43 |     font-weight: 500;
 44 | }
 45 | 
 46 | 
 47 | 
 48 | .title.text-center{
 49 |     margin-bottom: 50px;
 50 | }
 51 | .tim-typo{
 52 |     padding-left: 25%;
 53 |     margin-bottom: 40px;
 54 |     position: relative;
 55 | }
 56 | .tim-typo .tim-note{
 57 |     bottom: 10px;
 58 |     color: #c0c1c2;
 59 |     display: block;
 60 |     font-weight: 400;
 61 |     font-size: 13px;
 62 |     line-height: 13px;
 63 |     left: 0;
 64 |     margin-left: 20px;
 65 |     position: absolute;
 66 |     width: 260px;
 67 | }
 68 | .tim-row{
 69 |     padding-top: 50px;
 70 | }
 71 | .tim-row h3{
 72 |     margin-top: 0;
 73 | }
 74 | .switch{
 75 |     margin-right: 20px;
 76 | }
 77 | .copyrights{
 78 | 	text-indent:-9999px;
 79 | 	height:0;
 80 | 	line-height:0;
 81 | 	font-size:0;
 82 | 	overflow:hidden;
 83 | }
 84 | #navbar-full .navbar{
 85 |     border-radius: 0 !important;
 86 |     margin-bottom: 15px;
 87 |     z-index: 2;
 88 | }
 89 | .space{
 90 |     height: 130px;
 91 |     display: block;
 92 | }
 93 | .space-110{
 94 |     height: 110px;
 95 |     display: block;
 96 | }
 97 | .space-50{
 98 |     height: 50px;
 99 |     display: block;
100 | }
101 | .space-70{
102 |     height: 70px;
103 |     display: block;
104 | }
105 | .navigation-example .img-src{
106 |     background-attachment: scroll;
107 | }
108 | 
109 | .navigation-example{
110 |     background-image: url('../img/bg.jpg');
111 |     background-position: center center;
112 |     background-size: cover;
113 |     margin-top:0;
114 |     min-height: 740px;
115 | }
116 | #notifications{
117 |     background-color: #FFFFFF;
118 |     display: block;
119 |     width: 100%;
120 |     position: relative;
121 | }
122 | #notifications .alert-danger{
123 |     margin-bottom: 0px;
124 | }
125 | .tim-note{
126 |     text-transform: capitalize;
127 | }
128 | 
129 | #buttons .btn{
130 |     margin: 0 0px 15px;
131 | }
132 | .space-100{
133 |     height: 100px;
134 |     display: block;
135 |     width: 100%;
136 | }
137 | 
138 | .be-social{
139 |     padding-bottom: 20px;
140 | /*     border-bottom: 1px solid #aaa; */
141 |     margin: 0 auto 40px;
142 | }
143 | .txt-white{
144 |     color: #FFFFFF;
145 | }
146 | .txt-gray{
147 |     color: #ddd !important;
148 | }
149 | 
150 | 
151 | .parallax{
152 |   width:100%;
153 |   height:570px;
154 | 
155 |   display: block;
156 |   background-attachment: fixed;
157 |     background-repeat:no-repeat;
158 |     background-size:cover;
159 |     background-position: center center;
160 | 
161 | }
162 | 
163 | .logo-container.logo-documentation{
164 |     position: relative;
165 |     top: 0;
166 |     left: 0;
167 | }
168 | 
169 | .logo-container .logo{
170 |     overflow: hidden;
171 |     border-radius: 50%;
172 |     border: 1px solid #333333;
173 |     width: 50px;
174 |     float: left;
175 | }
176 | 
177 | .logo-container .brand{
178 |     font-size: 16px;
179 |     line-height: 18px;
180 |     float: left;
181 |     margin-left: 10px;
182 |     margin-top: 7px;
183 |     width: 70px;
184 |     height: 40px;
185 |     text-align: left;
186 | }
187 | 
188 | 
189 | .navbar-default .logo-container .brand{
190 |     color: #999999;
191 | }
192 | .navbar-transparent .logo-container .brand{
193 |     color: #FFFFFF;
194 | }
195 | 
196 | .logo-container .brand-material{
197 |     font-size: 18px;
198 |     margin-top: 15px;
199 |     height: 25px;
200 |     width: auto;
201 | }
202 | 
203 | .logo-container .logo img{
204 |     width: 100%;
205 | }
206 | .navbar-small .logo-container .brand{
207 |     color: #333333;
208 | }
209 | 
210 | .fixed-section{
211 |     top: 90px;
212 |     max-height: 80vh;
213 |     overflow: scroll;
214 | }
215 | .fixed-section ul li{
216 |     list-style: none;
217 | }
218 | .fixed-section li a{
219 |     font-size: 14px;
220 |     padding: 2px;
221 |     display: block;
222 |     color: #666666;
223 | }
224 | .fixed-section li a.active{
225 |     color: #00bbff;
226 | }
227 | .fixed-section.float{
228 |     position: fixed;
229 |     top: 100px;
230 |     width: 200px;
231 |     margin-top: 0;
232 | }
233 | 
234 | 
235 | .parallax .parallax-image{
236 |     width: 100%;
237 |     overflow: hidden;
238 |     position: absolute;
239 | }
240 | .parallax .parallax-image img{
241 |     width: 100%;
242 | }
243 | 
244 | @media (max-width: 768px){
245 |     .parallax .parallax-image{
246 |          width: 100%;
247 |          height: 640px;
248 |          overflow: hidden;
249 |      }
250 |     .parallax .parallax-image img{
251 |        height: 100%;
252 |        width: auto;
253 |    }
254 | }
255 | 
256 | .separator{
257 |     content: "Separator";
258 |     color: #FFFFFF;
259 |     display: block;
260 |     width: 100%;
261 |     padding: 20px;
262 | }
263 | .separator-line{
264 |     background-color: #EEE;
265 |     height: 1px;
266 |     width: 100%;
267 |     display: block;
268 | }
269 | .separator.separator-gray{
270 |     background-color: #EEEEEE;
271 | }
272 | .social-buttons-demo .btn{
273 |     margin-right: 5px;
274 |     margin-bottom: 7px;
275 | }
276 | 
277 | .img-container{
278 |     width: 100%;
279 |     overflow: hidden;
280 | }
281 | .img-container img{
282 |     width: 100%;
283 | }
284 | 
285 | .lightbox img{
286 |     width: 100%;
287 | }
288 | .lightbox .modal-content{
289 |     overflow: hidden;
290 | }
291 | .lightbox .modal-body{
292 |     padding: 0;
293 | }
294 | @media screen and (min-width: 991px){
295 |     .lightbox .modal-dialog{
296 |         width: 960px;
297 |     }
298 | }
299 | 
300 | @media (max-width: 768px){
301 |     .btn, .btn-morphing{
302 |         margin-bottom: 10px;
303 |     }
304 |     .parallax .motto{
305 |         top: 170px;
306 |         margin-top: 0;
307 |         font-size: 60px;
308 |         width: 270px;
309 |     }
310 | }
311 | 
312 | /*       Loading dots  */
313 | 
314 | /*      transitions */
315 | .presentation .front, .presentation .front:after, .presentation .front .btn, .logo-container .logo, .logo-container .brand{
316 |      -webkit-transition: all .2s;
317 |     -moz-transition: all .2s;
318 |     -o-transition: all .2s;
319 |     transition: all .2s;
320 | }
321 | 
322 | 
323 | #images h4{
324 |     margin-bottom: 30px;
325 | }
326 | #javascriptComponents{
327 |     padding-bottom: 0;
328 | }
329 | #javascriptComponents .btn-raised{
330 |     margin: 10px 5px;
331 | }
332 | 
333 | 
334 | /*      layer animation          */
335 | 
336 | .layers-container{
337 |     display: block;
338 |     margin-top: 50px;
339 |     position: relative;
340 | }
341 | .layers-container img {
342 |   position: absolute;
343 |   width: 100%;
344 |   height: auto;
345 |   top: 0;
346 |   left: 0;
347 |   text-align: center;
348 | }
349 | 
350 | .section-black {
351 |   background-color: #333;
352 | }
353 | 
354 | .animate {
355 |   transition: 1.5s ease-in-out;
356 |   -moz-transition: 1.5s ease-in-out;
357 |   -webkit-transition: 1.5s ease-in-out;
358 | }
359 | 
360 | .navbar-default.navbar-small .logo-container .brand{
361 |     color: #333333;
362 | }
363 | .navbar-transparent.navbar-small .logo-container .brand{
364 |     color: #FFFFFF;
365 | }
366 | .navbar-default.navbar-small .logo-container .brand{
367 |     color: #333333;
368 | }
369 | 
370 | .sharing-area{
371 |     margin-top: 80px;
372 | }
373 | .sharing-area .btn{
374 |     margin: 15px 4px 0;
375 |     color: #FFFFFF;
376 | }
377 | .sharing-area .btn i{
378 |     font-size: 18px;
379 |     position: relative;
380 |     top: 2px;
381 |     margin-right: 5px;
382 | }
383 | .sharing-area .btn-twitter{
384 |     background-color: #55acee;
385 | }
386 | .sharing-area .btn-facebook{
387 |     background-color: #3b5998;
388 | }
389 | .sharing-area .btn-google-plus{
390 |     background-color: #dd4b39;
391 | }
392 | .sharing-area .btn-github{
393 |     background-color: #333333;
394 | }
395 | .section-thin,
396 | .section-notifications{
397 |     padding: 0;
398 | }
399 | .section-navbars{
400 |     padding-top: 0;
401 | }
402 | #navbar .navbar{
403 |     border-radius: 0;
404 | }
405 | .section-tabs{
406 |     background: #EEEEEE;
407 | }
408 | .section-pagination{
409 |     padding-bottom: 0;
410 | }
411 | .section-download h4{
412 |     margin-bottom: 50px;
413 | }
414 | .section-examples a{
415 |     text-decoration: none;
416 | }
417 | .section-examples h5{
418 |     margin-top: 30px;
419 | }
420 | .components-page .wrapper > .header,
421 | .tutorial-page .wrapper > .header{
422 |     height: 400px;
423 |     padding-top: 100px;
424 |     background-size: cover;
425 |     background-position: center center;
426 | }
427 | .components-page .title,
428 | .tutorial-page .title{
429 |     color: #FFFFFF;
430 | }
431 | 
432 | .main {
433 |   background: #FFFFFF;
434 |   position: relative;
435 |   z-index: 3;
436 | }
437 | 
438 | .main-raised {
439 |     margin: -60px 30px 0px;
440 |     border-radius: 6px;
441 |     box-shadow: 0 16px 24px 2px rgba(0, 0, 0, 0.14), 0 6px 30px 5px rgba(0, 0, 0, 0.12), 0 8px 10px -5px rgba(0, 0, 0, 0.2);
442 | }
443 | 
444 | .header-filter {
445 |   position: relative;
446 | }
447 | .header-filter:before, .header-filter:after {
448 |   position: absolute;
449 |   z-index: 1;
450 |   width: 100%;
451 |   height: 100%;
452 |   display: block;
453 |   left: 0;
454 |   top: 0;
455 |   content: "";
456 | }
457 | .header-filter::before {
458 |   background-color: rgba(0, 0, 0, 0.4);
459 | }
460 | .header-filter .container {
461 |   z-index: 2;
462 |   position: relative;
463 | }
464 | 
465 | .section {
466 |   padding: 70px 0;
467 |   background-position: center center;
468 |   background-size: cover;
469 | }
470 | 
471 | 
472 | 
473 | .navbar {
474 |   border: 0;
475 |   border-radius: 3px;
476 |   box-shadow: 0 10px 20px -12px rgba(0, 0, 0, 0.42), 0 3px 20px 0px rgba(0, 0, 0, 0.12), 0 8px 10px -5px rgba(0, 0, 0, 0.2);
477 |   padding: 10px 0;
478 | 
479 |   -webkit-transition: all 150ms ease 0s;
480 |  -moz-transition: all 150ms ease 0s;
481 |  -o-transition: all 150ms ease 0s;
482 |  -ms-transition: all 150ms ease 0s;
483 |  transition: all 150ms ease 0s;
484 | }
485 | .navbar .navbar-brand {
486 |   position: relative;
487 |   height: 50px;
488 |   line-height: 30px;
489 |   color: inherit;
490 |   padding: 10px 15px;
491 | }
492 | .navbar .navbar-brand:hover, .navbar .navbar-brand:focus {
493 |   color: inherit;
494 |   background-color: transparent;
495 | }
496 | 
497 | .navbar.navbar-transparent {
498 |   background-color: transparent;
499 |   box-shadow: none;
500 |   color: #fff;
501 |   padding-top: 25px;
502 | }
503 | 
504 | .navbar-fixed-top {
505 |   border-radius: 0;
506 | }
507 | 
508 | .navbar .navbar-nav > li > a .material-icons,
509 | .navbar .navbar-nav > li > a .fa {
510 |   font-size: 20px;
511 |   max-width: 20px;
512 | }
513 | .navbar .navbar-nav > li > a:hover,
514 | .navbar .navbar-nav > li > a:focus {
515 |     color: inherit;
516 |     background-color: transparent;
517 | }
518 | 
519 | .navbar .navbar-nav > li > a:not(.btn) .material-icons {
520 |   margin-top: -3px;
521 |   top: 0px;
522 |   position: relative;
523 |   margin-right: 3px;
524 | }
525 | 
526 | .navbar, .navbar.navbar-default {
527 |   background-color: #9c27b0;
528 |   color: #FFFFFF;
529 | }
530 | 
531 | .navbar .navbar-nav > li > a {
532 |   color: inherit;
533 |   padding-top: 15px;
534 |   padding-bottom: 15px;
535 |   font-weight: 400;
536 |   font-size: 12px;
537 |   text-transform: uppercase;
538 |   border-radius: 3px;
539 | }
540 | @media (max-width: 1199px) {
541 | 
542 |   .navbar .navbar-brand {
543 |     height: 50px;
544 |     padding: 10px 15px;
545 |   }
546 |   .navbar .navbar-nav > li > a {
547 |     padding-top: 15px;
548 |     padding-bottom: 15px;
549 |   }
550 | }
551 | 
552 | footer {
553 |   padding: 15px 0;
554 |   text-align: center;
555 | 
556 | }
557 | .footer a{
558 |     font-weight: bold;
559 | }
560 | 
561 | footer.footer-documentation{
562 |     margin-top: 0;
563 |     bottom: 0;
564 |     text-shadow: none;
565 |     color: inherit;
566 | }
567 | 
568 | footer.footer-documentation li a{
569 |     color: inherit;
570 | }
571 | 
572 | footer.footer-documentation li a:hover,
573 | footer.footer-documentation li a:focus{
574 |     color: #89229b;
575 | }
576 | 
577 | footer ul {
578 |   margin-bottom: 0;
579 |   padding: 0;
580 |   list-style: none;
581 | }
582 | footer ul li {
583 |   display: inline-block;
584 | }
585 | footer ul li a {
586 |   color: inherit;
587 |   padding: 15px;
588 |   font-weight: 500;
589 |   font-size: 12px;
590 |   text-transform: uppercase;
591 |   border-radius: 3px;
592 |   text-decoration: none;
593 |   position: relative;
594 |   display: block;
595 | }
596 | footer ul li a:hover {
597 |   text-decoration: none;
598 | }
599 | footer ul li .btn {
600 |   margin: 0;
601 | }
602 | footer ul.links-horizontal:first-child a {
603 |   padding-left: 0;
604 | }
605 | footer ul.links-horizontal:last-child a {
606 |   padding-right: 0;
607 | }
608 | footer ul.links-vertical li {
609 |   display: block;
610 | }
611 | footer ul.links-vertical li a {
612 |   padding: 5px 0;
613 | }
614 | footer .social-buttons a,
615 | footer .social-buttons .btn {
616 |   margin-top: 5px;
617 |   margin-bottom: 5px;
618 | }
619 | footer .footer-brand {
620 |   float: left;
621 |   height: 50px;
622 |   padding: 15px 15px;
623 |   font-size: 18px;
624 |   line-height: 20px;
625 |   margin-left: -15px;
626 | }
627 | footer .footer-brand:hover, footer .footer-brand:focus {
628 |   color: #3C4858;
629 | }
630 | footer .copyright {
631 |   padding: 15px 0;
632 |   text-align: center;
633 | }
634 | footer .copyright .material-icons {
635 |   font-size: 18px;
636 |   position: relative;
637 |   top: 3px;
638 | }
639 | footer .pull-center {
640 |   display: inline-block;
641 |   float: none;
642 | }
643 | 
644 | @media (max-width: 768px) {
645 |   .footer .copyright {
646 |     display: inline-block;
647 |     text-align: center;
648 |     padding: 10px 0;
649 |     float: none !important;
650 |     width: 100%;
651 |   }
652 | 
653 |   .navbar.navbar-transparent {
654 |     background-color: rgba(0, 0, 0, 0.4);
655 |     padding-top: 10px;
656 |     border-radius: 0;
657 |   }
658 | 
659 |   .main-raised {
660 |     margin-left: 10px;
661 |     margin-right: 10px;
662 |   }
663 | }
664 | 


--------------------------------------------------------------------------------
/php_xxe/css/font.css:
--------------------------------------------------------------------------------
 1 | 
 2 | @font-face {font-family: "iconfont";
 3 |   src: url('//at.alicdn.com/t/font_566036_189jqg1gbohfflxr.eot?t=1517926461910'); /* IE9*/
 4 |   src: url('//at.alicdn.com/t/font_566036_189jqg1gbohfflxr.eot?t=1517926461910#iefix') format('embedded-opentype'), /* IE6-IE8 */
 5 |   url('data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAAXUAAsAAAAACFwAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABHU1VCAAABCAAAADMAAABCsP6z7U9TLzIAAAE8AAAARAAAAFZW7kggY21hcAAAAYAAAABlAAABnM8LapNnbHlmAAAB6AAAAe8AAAIkfsWBm2hlYWQAAAPYAAAALwAAADYQXvaJaGhlYQAABAgAAAAcAAAAJAfeA4VobXR4AAAEJAAAABAAAAAQD+kAAGxvY2EAAAQ0AAAACgAAAAoBiADEbWF4cAAABEAAAAAfAAAAIAETAF1uYW1lAAAEYAAAAUUAAAJtPlT+fXBvc3QAAAWoAAAAKgAAADtO+ggHeJxjYGRgYOBikGPQYWB0cfMJYeBgYGGAAJAMY05meiJQDMoDyrGAaQ4gZoOIAgCKIwNPAHicY2Bk/sU4gYGVgYOpk+kMAwNDP4RmfM1gxMjBwMDEwMrMgBUEpLmmMDgwVDwzYW7438AQw9zA0AAUZgTJAQAn3gyieJzFkMENwCAMA51CK1R1Ct59og7UV0dg4qxBncCHCTC6kFiWggCwAwjkJhGQDwLTS1fcDzjdj3g4J56Nd9WspbWpM4knknfBknJgmWTd6lmX1zIm++864BM1d8zX0sH2A991EMsAAAB4nDXQT2sTQRgG8Hlmsn8Sk93uTjabbLpJNrG70bVR003ipiS9eLFYiJQexFNP4kERPBRUNCCCiAdzFwQb8OjRS5UI+hlM0IOin8FbVycUZ15434H38HuGSIT8/cmOWJFw0iQXyWUyIgRyiLpGXXhB1KIhLE+y7LzGgkbgKY16iw1g1+V8od2NfFtWZB0aKtjw2t2gRQN0oiHdRLvgAqWys2uurZrsJTLFoPI02aZvYFUbq/pwPblybivfrnH1IGuaJdN8ocqSpFKa0jXctgtpKZ2Rk6mkO9ZR9QytIlsKnKvXc7Wyuf8suuOu2WlgPAYv17S3W4ZjiHroFLhZUlZyatHJNU7ncfD7VJFnXf8XESclsh6zxzQhKjGIS9ZF0rxc96NuuyD9H5gGpQJ7iF4LrIWg07OD5a2KjHjCXS4Kg5P+aTqXpPn0cJFKLQ4nM7Z7/+xn67v/GqkZ+s0oGkVR86ThldiYLvfE9vEFNptknm/feHRrf3RXn8yEjQrbB3aT7QnXeeHy/G6vAsXu0kCm9oZAGULlCZYhXNZSO4DgDcU/ixdDci+1Mn5QVfYym++/1GQ17AP9EPMwBuI/AqubgB8HJhaXfhjpjxo4KHeTrx3EYfIujCmNQ1wL4+Tbjsa5tpOucNf3XV75B4awZxYAeJxjYGRgYABipxW+C+P5bb4ycLMwgMC1+TdtEfT/vSwMzKFALgcDE0gUADKhCsEAeJxjYGRgYG7438AQw8IAAkCSkQEVsAAARwoCbQQAAAAD6QAABAAAAAQAAAAAAAAAAHYAxAESAAB4nGNgZGBgYGEIZGBlAAEmIOYCQgaG/2A+AwAREgFxAHicZY9NTsMwEIVf+gekEqqoYIfkBWIBKP0Rq25YVGr3XXTfpk6bKokjx63UA3AejsAJOALcgDvwSCebNpbH37x5Y08A3OAHHo7fLfeRPVwyO3INF7gXrlN/EG6QX4SbaONVuEX9TdjHM6bCbXRheYPXuGL2hHdhDx18CNdwjU/hOvUv4Qb5W7iJO/wKt9Dx6sI+5l5XuI1HL/bHVi+cXqnlQcWhySKTOb+CmV7vkoWt0uqca1vEJlODoF9JU51pW91T7NdD5yIVWZOqCas6SYzKrdnq0AUb5/JRrxeJHoQm5Vhj/rbGAo5xBYUlDowxQhhkiMro6DtVZvSvsUPCXntWPc3ndFsU1P9zhQEC9M9cU7qy0nk6T4E9XxtSdXQrbsuelDSRXs1JErJCXta2VELqATZlV44RelzRiT8oZ0j/AAlabsgAAAB4nGNgYoAALgbsgIWRiZGZkYWRlYGxgi0zOT/P2IAlNzM3kYEBACnOBFYAAA==') format('woff'),
 6 |   url('//at.alicdn.com/t/font_566036_189jqg1gbohfflxr.ttf?t=1517926461910') format('truetype'), /* chrome, firefox, opera, Safari, Android, iOS 4.2+*/
 7 |   url('//at.alicdn.com/t/font_566036_189jqg1gbohfflxr.svg?t=1517926461910#iconfont') format('svg'); /* iOS 4.1- */
 8 | }
 9 | 
10 | .iconfont {
11 |   font-family:"iconfont" !important;
12 |   font-size:16px;
13 |   font-style:normal;
14 |   -webkit-font-smoothing: antialiased;
15 |   -moz-osx-font-smoothing: grayscale;
16 | }
17 | 
18 | .icon-icon30:before { content: "\e634"; }
19 | 
20 | .icon-mima:before { content: "\e622"; }
21 | 
22 | 


--------------------------------------------------------------------------------
/php_xxe/css/icon.css:
--------------------------------------------------------------------------------
 1 | @font-face {
 2 |   font-family: 'Material Icons';
 3 |   font-style: normal;
 4 |   font-weight: 400;
 5 |   src: url(https://fonts.gstatic.com/s/materialicons/v36/2fcrYFNaTjcS6g4U3t-Y5SQZRqoBW5Q4K_a7BOZJO20.eot);
 6 | }
 7 | @font-face {
 8 |   font-family: 'Roboto';
 9 |   font-style: normal;
10 |   font-weight: 400;
11 |   src: url(https://fonts.gstatic.com/s/roboto/v18/5YB-ifwqHP20Yn46l_BDhA.eot);
12 | }
13 | @font-face {
14 |   font-family: 'Roboto Slab';
15 |   font-style: normal;
16 |   font-weight: 400;
17 |   src: url(https://fonts.gstatic.com/s/robotoslab/v7/y7lebkjgREBJK96VQi37ZmfQcKutQXcIrRfyR5jdjY8.eot);
18 | }
19 | 
20 | .material-icons {
21 |   font-family: 'Material Icons';
22 |   font-weight: normal;
23 |   font-style: normal;
24 |   font-size: 24px;
25 |   line-height: 1;
26 |   letter-spacing: normal;
27 |   text-transform: none;
28 |   display: inline-block;
29 |   white-space: nowrap;
30 |   word-wrap: normal;
31 |   direction: ltr;
32 | }
33 | 


--------------------------------------------------------------------------------
/php_xxe/doLogin.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | /**
 3 | * autor: c0ny1
 4 | * date: 2018-2-7
 5 | */
 6 | 
 7 | $USERNAME = 'admin'; //账号
 8 | $PASSWORD = 'admin'; //密码
 9 | $result = null;
10 | 
11 | libxml_disable_entity_loader(false);
12 | $xmlfile = file_get_contents('php://input');
13 | 
14 | try{
15 | 	$dom = new DOMDocument();
16 | 	$dom->loadXML($xmlfile, LIBXML_NOENT | LIBXML_DTDLOAD);
17 | 	$creds = simplexml_import_dom($dom);
18 | 
19 | 	$username = $creds->username;
20 | 	$password = $creds->password;
21 | 
22 | 	if($username == $USERNAME && $password == $PASSWORD){
23 | 		$result = sprintf("<result><code>%d</code><msg>%s</msg></result>",1,$username);
24 | 	}else{
25 | 		$result = sprintf("<result><code>%d</code><msg>%s</msg></result>",0,$username);
26 | 	}	
27 | }catch(Exception $e){
28 | 	$result = sprintf("<result><code>%d</code><msg>%s</msg></result>",3,$e->getMessage());
29 | }
30 | 
31 | header('Content-Type: text/html; charset=utf-8');
32 | echo $result;
33 | ?>


--------------------------------------------------------------------------------
/php_xxe/img/favicon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/xxe-lab/49e7f8e73092a32404dea0a2bd4bd099662a12bd/php_xxe/img/favicon.png


--------------------------------------------------------------------------------
/php_xxe/img/php_logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/xxe-lab/49e7f8e73092a32404dea0a2bd4bd099662a12bd/php_xxe/img/php_logo.png


--------------------------------------------------------------------------------
/php_xxe/index.html:
--------------------------------------------------------------------------------
  1 | <!doctype html>
  2 | <html lang="en">
  3 | <head>
  4 | 	<meta charset="utf-8" />
  5 | 	<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
  6 |     <link rel="shortcut icon" href="img/favicon.png" type="image/x-icon">
  7 | 	
  8 | 	<title>XXE-Lab</title>
  9 | 
 10 | 	<meta content='width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0' name='viewport' />
 11 |     <meta name="viewport" content="width=device-width" />
 12 | 
 13 | 	<link rel="stylesheet" type="text/css" href="css/font.css" />
 14 | 	<link href="css/bootstrap.min.css" rel="stylesheet" />
 15 | 	<link href="css/material-bootstrap-wizard.css" rel="stylesheet" />
 16 | </head>
 17 | 
 18 | <body>
 19 | 	<div class="image-container set-full-height" style="background-color: #272822;">
 20 | 	    <!--   Creative Tim Branding   -->
 21 | 	    <!--   Big container   -->
 22 | 	    <div class="container" style="width: 970px;">
 23 | 	        <div class="row">
 24 | 		        <div class="col-sm-8 col-sm-offset-2">
 25 | 		            <!--      Wizard container        -->
 26 | 		            <div class="wizard-container">
 27 | 		                <div class="card wizard-card" data-color="green" id="wizardProfile">
 28 | 		                    <form>
 29 | 		                    	<div class="wizard-header">
 30 | 		                        	<h3 class="wizard-title">
 31 | 		                        	   <a href="http://github.com/c0ny1/xxe-lab">XXE-Lab for PHP</a>
 32 | 		                        	</h3>
 33 | 									<img src="img/php_logo.png">
 34 | 		                    	</div>
 35 | 								<div class="wizard-navigation">
 36 | 									<ul>
 37 | 			                            <li><a href="#about" data-toggle="tab">tips:</a></li>
 38 | 			                            <li><a href="javascript:void(0)" ><span style="color:red;" class="msg"></span></a></li>
 39 | 										<li><a href="javascript:void(0)"></a></li>
 40 | 			                        </ul>
 41 | 								</div>
 42 | 
 43 | 		                        <div class="tab-content">
 44 | 		                            <div class="tab-pane" id="about">
 45 | 		                              <div class="row">
 46 | 		                                	<div class="col-sm-6">
 47 | 												<div class="input-group" style="margin-left: 30%;">
 48 | 													<span class="input-group-addon">
 49 | 														<i class="iconfont icon-icon30" style="font-size:25px;"></i>
 50 | 													</span>
 51 | 													<div class="form-group label-floating">
 52 | 			                                          <label class="control-label">UserName</label>
 53 | 			                                          <input id="username" name="username" style="width: 200%;" type="text" class="form-control">
 54 | 			                                        </div>
 55 | 												</div>
 56 | 												<div class="input-group" style="margin-left: 30%;">
 57 | 													<span class="input-group-addon">
 58 | 														<i class="iconfont icon-mima" style="font-size:25px;"></i>
 59 | 													</span>
 60 | 													<div class="form-group label-floating">
 61 | 													  <label class="control-label">Password</label>
 62 | 													  <input id="password" name="password" style="width: 200%;" type="password" class="form-control">
 63 | 													</div>
 64 | 												</div>
 65 | 		                                	</div>
 66 | 		                            	</div>
 67 | 		                            </div>
 68 | 		                            
 69 | 		                            
 70 | 		                        </div>
 71 | 		                        <div class="wizard-footer">
 72 | 		                            <div class="pull-right">
 73 | 		                                <input type='button' class='btn btn-fill btn-success btn-wd' name='next' value='login' onclick="javascript:doLogin()" />
 74 | 		                            </div>
 75 | 
 76 | 		                            <div class="clearfix"></div>
 77 | 		                        </div>
 78 | 		                    </form>
 79 | 		                </div>
 80 | 		            </div> <!-- wizard container -->
 81 | 		        </div>
 82 | 	        </div><!-- end row -->
 83 | 	    </div> <!--  big container -->
 84 | 
 85 | 	    <div class="footer">
 86 | 	        <div class="container text-center">
 87 | 	             Copyright By <a href="http://gv7.me">c0ny1</a>
 88 | 	        </div>
 89 | 	    </div>
 90 | 	</div>
 91 | </body>
 92 | <!--   Core JS Files   -->
 93 | <script src="js/jquery-2.2.4.min.js" type="text/javascript"></script>
 94 | <script src="js/bootstrap.min.js" type="text/javascript"></script>
 95 | <script src="js/jquery.bootstrap.js" type="text/javascript"></script>
 96 | 
 97 | <!--  Plugin for the Wizard -->
 98 | <script src="js/material-bootstrap-wizard.js"></script>
 99 | 
100 | <script src="js/jquery.validate.min.js"></script>
101 | <script type='text/javascript'> 
102 | function doLogin(){
103 | 	var username = $("#username").val();
104 | 	var password = $("#password").val();
105 | 	if(username == "" || password == ""){
106 | 		alert("Please enter the username and password!");
107 | 		return;
108 | 	}
109 | 	
110 | 	var data = "<user><username>" + username + "</username><password>" + password + "</password></user>"; 
111 |     $.ajax({
112 |         type: "POST",
113 |         url: "doLogin.php",
114 |         contentType: "application/xml;charset=utf-8",
115 |         data: data,
116 |         dataType: "xml",
117 |         anysc: false,
118 |         success: function (result) {
119 |         	var code = result.getElementsByTagName("code")[0].childNodes[0].nodeValue;
120 |         	var msg = result.getElementsByTagName("msg")[0].childNodes[0].nodeValue;
121 |         	if(code == "0"){
122 |         		$(".msg").text(msg + " login fail!");
123 |         	}else if(code == "1"){
124 |         		$(".msg").text(msg + " login success!");
125 |         	}else{
126 |         		$(".msg").text("error:" + msg);
127 |         	}
128 |         },
129 |         error: function (XMLHttpRequest,textStatus,errorThrown) {
130 |             $(".msg").text(errorThrown + ':' + textStatus);
131 |         }
132 |     }); 
133 | }
134 | </script>
135 | </html>
136 | 


--------------------------------------------------------------------------------
/php_xxe/js/jquery.bootstrap.js:
--------------------------------------------------------------------------------
  1 | /*!
  2 |  * jQuery twitter bootstrap wizard plugin
  3 |  * Examples and documentation at: http://github.com/VinceG/twitter-bootstrap-wizard
  4 |  * version 1.0
  5 |  * Requires jQuery v1.3.2 or later
  6 |  * Supports Bootstrap 2.2.x, 2.3.x, 3.0
  7 |  * Dual licensed under the MIT and GPL licenses:
  8 |  * http://www.opensource.org/licenses/mit-license.php
  9 |  * http://www.gnu.org/licenses/gpl.html
 10 |  * Authors: Vadim Vincent Gabriel (http://vadimg.com), Jason Gill (www.gilluminate.com)
 11 |  */
 12 | ;(function($) {
 13 | var bootstrapWizardCreate = function(element, options) {
 14 | 	var element = $(element);
 15 | 	var obj = this;
 16 | 
 17 | 	// selector skips any 'li' elements that do not contain a child with a tab data-toggle
 18 | 	var baseItemSelector = 'li:has([data-toggle="tab"])';
 19 | 
 20 | 	// Merge options with defaults
 21 | 	var $settings = $.extend({}, $.fn.bootstrapWizard.defaults, options);
 22 | 	var $activeTab = null;
 23 | 	var $navigation = null;
 24 | 
 25 | 	this.rebindClick = function(selector, fn)
 26 | 	{
 27 | 		selector.unbind('click', fn).bind('click', fn);
 28 | 	}
 29 | 
 30 | 	this.fixNavigationButtons = function() {
 31 | 		// Get the current active tab
 32 | 		if(!$activeTab.length) {
 33 | 			// Select first one
 34 | 			$navigation.find('a:first').tab('show');
 35 | 			$activeTab = $navigation.find(baseItemSelector + ':first');
 36 | 		}
 37 | 
 38 | 		// See if we're currently in the first/last then disable the previous and last buttons
 39 | 		$($settings.previousSelector, element).toggleClass('disabled', (obj.firstIndex() >= obj.currentIndex()));
 40 | 		$($settings.nextSelector, element).toggleClass('disabled', (obj.currentIndex() >= obj.navigationLength()));
 41 | 
 42 | 		// We are unbinding and rebinding to ensure single firing and no double-click errors
 43 | 		obj.rebindClick($($settings.nextSelector, element), obj.next);
 44 | 		obj.rebindClick($($settings.previousSelector, element), obj.previous);
 45 | 		obj.rebindClick($($settings.lastSelector, element), obj.last);
 46 | 		obj.rebindClick($($settings.firstSelector, element), obj.first);
 47 | 
 48 | 		if($settings.onTabShow && typeof $settings.onTabShow === 'function' && $settings.onTabShow($activeTab, $navigation, obj.currentIndex())===false){
 49 | 			return false;
 50 | 		}
 51 | 	};
 52 | 
 53 | 	this.next = function(e) {
 54 | 
 55 | 		// If we clicked the last then dont activate this
 56 | 		if(element.hasClass('last')) {
 57 | 			return false;
 58 | 		}
 59 | 
 60 | 		if($settings.onNext && typeof $settings.onNext === 'function' && $settings.onNext($activeTab, $navigation, obj.nextIndex())===false){
 61 | 			return false;
 62 | 		}
 63 | 
 64 | 		// Did we click the last button
 65 | 		$index = obj.nextIndex();
 66 | 		if($index > obj.navigationLength()) {
 67 | 		} else {
 68 | 			$navigation.find(baseItemSelector + ':eq('+$index+') a').tab('show');
 69 | 		}
 70 | 	};
 71 | 
 72 | 	this.previous = function(e) {
 73 | 
 74 | 		// If we clicked the first then dont activate this
 75 | 		if(element.hasClass('first')) {
 76 | 			return false;
 77 | 		}
 78 | 
 79 | 		if($settings.onPrevious && typeof $settings.onPrevious === 'function' && $settings.onPrevious($activeTab, $navigation, obj.previousIndex())===false){
 80 | 			return false;
 81 | 		}
 82 | 
 83 | 		$index = obj.previousIndex();
 84 | 		if($index < 0) {
 85 | 		} else {
 86 | 			$navigation.find(baseItemSelector + ':eq('+$index+') a').tab('show');
 87 | 		}
 88 | 	};
 89 | 
 90 | 	this.first = function(e) {
 91 | 		if($settings.onFirst && typeof $settings.onFirst === 'function' && $settings.onFirst($activeTab, $navigation, obj.firstIndex())===false){
 92 | 			return false;
 93 | 		}
 94 | 
 95 | 		// If the element is disabled then we won't do anything
 96 | 		if(element.hasClass('disabled')) {
 97 | 			return false;
 98 | 		}
 99 | 		$navigation.find(baseItemSelector + ':eq(0) a').tab('show');
100 | 
101 | 	};
102 | 	this.last = function(e) {
103 | 		if($settings.onLast && typeof $settings.onLast === 'function' && $settings.onLast($activeTab, $navigation, obj.lastIndex())===false){
104 | 			return false;
105 | 		}
106 | 
107 | 		// If the element is disabled then we won't do anything
108 | 		if(element.hasClass('disabled')) {
109 | 			return false;
110 | 		}
111 | 		$navigation.find(baseItemSelector + ':eq('+obj.navigationLength()+') a').tab('show');
112 | 	};
113 | 	this.currentIndex = function() {
114 | 		return $navigation.find(baseItemSelector).index($activeTab);
115 | 	};
116 | 	this.firstIndex = function() {
117 | 		return 0;
118 | 	};
119 | 	this.lastIndex = function() {
120 | 		return obj.navigationLength();
121 | 	};
122 | 	this.getIndex = function(e) {
123 | 		return $navigation.find(baseItemSelector).index(e);
124 | 	};
125 | 	this.nextIndex = function() {
126 | 		return $navigation.find(baseItemSelector).index($activeTab) + 1;
127 | 	};
128 | 	this.previousIndex = function() {
129 | 		return $navigation.find(baseItemSelector).index($activeTab) - 1;
130 | 	};
131 | 	this.navigationLength = function() {
132 | 		return $navigation.find(baseItemSelector).length - 1;
133 | 	};
134 | 	this.activeTab = function() {
135 | 		return $activeTab;
136 | 	};
137 | 	this.nextTab = function() {
138 | 		return $navigation.find(baseItemSelector + ':eq('+(obj.currentIndex()+1)+')').length ? $navigation.find(baseItemSelector + ':eq('+(obj.currentIndex()+1)+')') : null;
139 | 	};
140 | 	this.previousTab = function() {
141 | 		if(obj.currentIndex() <= 0) {
142 | 			return null;
143 | 		}
144 | 		return $navigation.find(baseItemSelector + ':eq('+parseInt(obj.currentIndex()-1)+')');
145 | 	};
146 | 	this.show = function(index) {
147 | 		if (isNaN(index)) {
148 | 			return element.find(baseItemSelector + ' a[href=#' + index + ']').tab('show');
149 | 		}
150 | 		else {
151 | 			return element.find(baseItemSelector + ':eq(' + index + ') a').tab('show');
152 | 		}
153 | 	};
154 | 	this.disable = function(index) {
155 | 		$navigation.find(baseItemSelector + ':eq('+index+')').addClass('disabled');
156 | 	};
157 | 	this.enable = function(index) {
158 | 		$navigation.find(baseItemSelector + ':eq('+index+')').removeClass('disabled');
159 | 	};
160 | 	this.hide = function(index) {
161 | 		$navigation.find(baseItemSelector + ':eq('+index+')').hide();
162 | 	};
163 | 	this.display = function(index) {
164 | 		$navigation.find(baseItemSelector + ':eq('+index+')').show();
165 | 	};
166 | 	this.remove = function(args) {
167 | 		var $index = args[0];
168 | 		var $removeTabPane = typeof args[1] != 'undefined' ? args[1] : false;
169 | 		var $item = $navigation.find(baseItemSelector + ':eq('+$index+')');
170 | 
171 | 		// Remove the tab pane first if needed
172 | 		if($removeTabPane) {
173 | 			var $href = $item.find('a').attr('href');
174 | 			$($href).remove();
175 | 		}
176 | 
177 | 		// Remove menu item
178 | 		$item.remove();
179 | 	};
180 | 
181 | 	var innerTabClick = function (e) {
182 | 		// Get the index of the clicked tab
183 | 		var clickedIndex = $navigation.find(baseItemSelector).index($(e.currentTarget).parent(baseItemSelector));
184 | 		if($settings.onTabClick && typeof $settings.onTabClick === 'function' && $settings.onTabClick($activeTab, $navigation, obj.currentIndex(), clickedIndex)===false){
185 | 			return false;
186 | 		}
187 | 	};
188 | 
189 | 	var innerTabShown = function (e) {  // use shown instead of show to help prevent double firing
190 | 		$element = $(e.target).parent();
191 | 		var nextTab = $navigation.find(baseItemSelector).index($element);
192 | 
193 | 		// If it's disabled then do not change
194 | 		if($element.hasClass('disabled')) {
195 | 			return false;
196 | 		}
197 | 
198 | 		if($settings.onTabChange && typeof $settings.onTabChange === 'function' && $settings.onTabChange($activeTab, $navigation, obj.currentIndex(), nextTab)===false){
199 | 				return false;
200 | 		}
201 | 
202 | 		$activeTab = $element; // activated tab
203 | 		obj.fixNavigationButtons();
204 | 	};
205 | 
206 | 	this.resetWizard = function() {
207 | 
208 | 		// remove the existing handlers
209 | 		$('a[data-toggle="tab"]', $navigation).off('click', innerTabClick);
210 | 		$('a[data-toggle="tab"]', $navigation).off('shown shown.bs.tab', innerTabShown);
211 | 
212 | 		// reset elements based on current state of the DOM
213 | 		$navigation = element.find('ul:first', element);
214 | 		$activeTab = $navigation.find(baseItemSelector + '.active', element);
215 | 
216 | 		// re-add handlers
217 | 		$('a[data-toggle="tab"]', $navigation).on('click', innerTabClick);
218 | 		$('a[data-toggle="tab"]', $navigation).on('shown shown.bs.tab', innerTabShown);
219 | 
220 | 		obj.fixNavigationButtons();
221 | 	};
222 | 
223 | 	$navigation = element.find('ul:first', element);
224 | 	$activeTab = $navigation.find(baseItemSelector + '.active', element);
225 | 
226 | 	if(!$navigation.hasClass($settings.tabClass)) {
227 | 		$navigation.addClass($settings.tabClass);
228 | 	}
229 | 
230 | 	// Load onInit
231 | 	if($settings.onInit && typeof $settings.onInit === 'function'){
232 | 		$settings.onInit($activeTab, $navigation, 0);
233 | 	}
234 | 
235 | 	// Load onShow
236 | 	if($settings.onShow && typeof $settings.onShow === 'function'){
237 | 		$settings.onShow($activeTab, $navigation, obj.nextIndex());
238 | 	}
239 | 
240 | 	$('a[data-toggle="tab"]', $navigation).on('click', innerTabClick);
241 | 
242 | 	// attach to both shown and shown.bs.tab to support Bootstrap versions 2.3.2 and 3.0.0
243 | 	$('a[data-toggle="tab"]', $navigation).on('shown shown.bs.tab', innerTabShown);
244 | };
245 | $.fn.bootstrapWizard = function(options) {
246 | 	//expose methods
247 | 	if (typeof options == 'string') {
248 | 		var args = Array.prototype.slice.call(arguments, 1)
249 | 		if(args.length === 1) {
250 | 			args.toString();
251 | 		}
252 | 		return this.data('bootstrapWizard')[options](args);
253 | 	}
254 | 	return this.each(function(index){
255 | 		var element = $(this);
256 | 		// Return early if this element already has a plugin instance
257 | 		if (element.data('bootstrapWizard')) return;
258 | 		// pass options to plugin constructor
259 | 		var wizard = new bootstrapWizardCreate(element, options);
260 | 		// Store plugin object in this element's data
261 | 		element.data('bootstrapWizard', wizard);
262 | 		// and then trigger initial change
263 | 		wizard.fixNavigationButtons();
264 | 	});
265 | };
266 | 
267 | // expose options
268 | $.fn.bootstrapWizard.defaults = {
269 | 	tabClass:         'nav nav-pills',
270 | 	nextSelector:     '.wizard li.next',
271 | 	previousSelector: '.wizard li.previous',
272 | 	firstSelector:    '.wizard li.first',
273 | 	lastSelector:     '.wizard li.last',
274 | 	onShow:           null,
275 | 	onInit:           null,
276 | 	onNext:           null,
277 | 	onPrevious:       null,
278 | 	onLast:           null,
279 | 	onFirst:          null,
280 | 	onTabChange:      null,
281 | 	onTabClick:       null,
282 | 	onTabShow:        null
283 | };
284 | 
285 | })(jQuery);
286 | 
287 | 
288 | //  Material Design Core Functions
289 | 
290 |  !function(t){function o(t){return"undefined"==typeof t.which?!0:"number"==typeof t.which&&t.which>0?!t.ctrlKey&&!t.metaKey&&!t.altKey&&8!=t.which&&9!=t.which&&13!=t.which&&16!=t.which&&17!=t.which&&20!=t.which&&27!=t.which:!1}function i(o){var i=t(o);i.prop("disabled")||i.closest(".form-group").addClass("is-focused")}function n(o){o.closest("label").hover(function(){var o=t(this).find("input");o.prop("disabled")||i(o)},function(){e(t(this).find("input"))})}function e(o){t(o).closest(".form-group").removeClass("is-focused")}t.expr[":"].notmdproc=function(o){return t(o).data("mdproc")?!1:!0},t.material={options:{validate:!0,input:!0,ripples:!0,checkbox:!0,togglebutton:!0,radio:!0,arrive:!0,autofill:!1,withRipples:[".btn:not(.btn-link)",".card-image",".navbar a:not(.withoutripple)",".footer a:not(.withoutripple)",".dropdown-menu a",".nav-tabs a:not(.withoutripple)",".withripple",".pagination li:not(.active):not(.disabled) a:not(.withoutripple)"].join(","),inputElements:"input.form-control, textarea.form-control, select.form-control",checkboxElements:".checkbox > label > input[type=checkbox]",togglebuttonElements:".togglebutton > label > input[type=checkbox]",radioElements:".radio > label > input[type=radio]"},checkbox:function(o){var i=t(o?o:this.options.checkboxElements).filter(":notmdproc").data("mdproc",!0).after("<span class='checkbox-material'><span class='check'></span></span>");n(i)},togglebutton:function(o){var i=t(o?o:this.options.togglebuttonElements).filter(":notmdproc").data("mdproc",!0).after("<span class='toggle'></span>");n(i)},radio:function(o){var i=t(o?o:this.options.radioElements).filter(":notmdproc").data("mdproc",!0).after("<span class='circle'></span><span class='check'></span>");n(i)},input:function(o){t(o?o:this.options.inputElements).filter(":notmdproc").data("mdproc",!0).each(function(){var o=t(this),i=o.closest(".form-group");0===i.length&&(o.wrap("<div class='form-group'></div>"),i=o.closest(".form-group")),o.attr("data-hint")&&(o.after("<p class='help-block'>"+o.attr("data-hint")+"</p>"),o.removeAttr("data-hint"));var n={"input-lg":"form-group-lg","input-sm":"form-group-sm"};if(t.each(n,function(t,n){o.hasClass(t)&&(o.removeClass(t),i.addClass(n))}),o.hasClass("floating-label")){var e=o.attr("placeholder");o.attr("placeholder",null).removeClass("floating-label");var a=o.attr("id"),r="";a&&(r="for='"+a+"'"),i.addClass("label-floating"),o.after("<label "+r+"class='control-label'>"+e+"</label>")}(null===o.val()||"undefined"==o.val()||""===o.val())&&i.addClass("is-empty"),i.append("<span class='material-input'></span>"),i.find("input[type=file]").length>0&&i.addClass("is-fileinput")})},attachInputEventHandlers:function(){var n=this.options.validate;t(document).on("change",".checkbox input[type=checkbox]",function(){t(this).blur()}).on("keydown paste",".form-control",function(i){o(i)&&t(this).closest(".form-group").removeClass("is-empty")}).on("keyup change",".form-control",function(){var o=t(this),i=o.closest(".form-group"),e="undefined"==typeof o[0].checkValidity||o[0].checkValidity();""===o.val()?i.addClass("is-empty"):i.removeClass("is-empty"),n&&(e?i.removeClass("has-error"):i.addClass("has-error"))}).on("focus",".form-control, .form-group.is-fileinput",function(){i(this)}).on("blur",".form-control, .form-group.is-fileinput",function(){e(this)}).on("change",".form-group input",function(){var o=t(this);if("file"!=o.attr("type")){var i=o.closest(".form-group"),n=o.val();n?i.removeClass("is-empty"):i.addClass("is-empty")}}).on("change",".form-group.is-fileinput input[type='file']",function(){var o=t(this),i=o.closest(".form-group"),n="";t.each(this.files,function(t,o){n+=o.name+", "}),n=n.substring(0,n.length-2),n?i.removeClass("is-empty"):i.addClass("is-empty"),i.find("input.form-control[readonly]").val(n)})},ripples:function(o){t(o?o:this.options.withRipples).ripples()},autofill:function(){var o=setInterval(function(){t("input[type!=checkbox]").each(function(){var o=t(this);o.val()&&o.val()!==o.attr("value")&&o.trigger("change")})},100);setTimeout(function(){clearInterval(o)},1e4)},attachAutofillEventHandlers:function(){var o;t(document).on("focus","input",function(){var i=t(this).parents("form").find("input").not("[type=file]");o=setInterval(function(){i.each(function(){var o=t(this);o.val()!==o.attr("value")&&o.trigger("change")})},100)}).on("blur",".form-group input",function(){clearInterval(o)})},init:function(o){this.options=t.extend({},this.options,o);var i=t(document);t.fn.ripples&&this.options.ripples&&this.ripples(),this.options.input&&(this.input(),this.attachInputEventHandlers()),this.options.checkbox&&this.checkbox(),this.options.togglebutton&&this.togglebutton(),this.options.radio&&this.radio(),this.options.autofill&&(this.autofill(),this.attachAutofillEventHandlers()),document.arrive&&this.options.arrive&&(t.fn.ripples&&this.options.ripples&&i.arrive(this.options.withRipples,function(){t.material.ripples(t(this))}),this.options.input&&i.arrive(this.options.inputElements,function(){t.material.input(t(this))}),this.options.checkbox&&i.arrive(this.options.checkboxElements,function(){t.material.checkbox(t(this))}),this.options.radio&&i.arrive(this.options.radioElements,function(){t.material.radio(t(this))}),this.options.togglebutton&&i.arrive(this.options.togglebuttonElements,function(){t.material.togglebutton(t(this))}))}}}(jQuery),function(t,o,i,n){"use strict";function e(o,i){r=this,this.element=t(o),this.options=t.extend({},s,i),this._defaults=s,this._name=a,this.init()}var a="ripples",r=null,s={};e.prototype.init=function(){var i=this.element;i.on("mousedown touchstart",function(n){if(!r.isTouch()||"mousedown"!==n.type){i.find(".ripple-container").length||i.append('<div class="ripple-container"></div>');var e=i.children(".ripple-container"),a=r.getRelY(e,n),s=r.getRelX(e,n);if(a||s){var l=r.getRipplesColor(i),p=t("<div></div>");p.addClass("ripple").css({left:s,top:a,"background-color":l}),e.append(p),function(){return o.getComputedStyle(p[0]).opacity}(),r.rippleOn(i,p),setTimeout(function(){r.rippleEnd(p)},500),i.on("mouseup mouseleave touchend",function(){p.data("mousedown","off"),"off"===p.data("animating")&&r.rippleOut(p)})}}})},e.prototype.getNewSize=function(t,o){return Math.max(t.outerWidth(),t.outerHeight())/o.outerWidth()*2.5},e.prototype.getRelX=function(t,o){var i=t.offset();return r.isTouch()?(o=o.originalEvent,1===o.touches.length?o.touches[0].pageX-i.left:!1):o.pageX-i.left},e.prototype.getRelY=function(t,o){var i=t.offset();return r.isTouch()?(o=o.originalEvent,1===o.touches.length?o.touches[0].pageY-i.top:!1):o.pageY-i.top},e.prototype.getRipplesColor=function(t){var i=t.data("ripple-color")?t.data("ripple-color"):o.getComputedStyle(t[0]).color;return i},e.prototype.hasTransitionSupport=function(){var t=i.body||i.documentElement,o=t.style,e=o.transition!==n||o.WebkitTransition!==n||o.MozTransition!==n||o.MsTransition!==n||o.OTransition!==n;return e},e.prototype.isTouch=function(){return/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent)},e.prototype.rippleEnd=function(t){t.data("animating","off"),"off"===t.data("mousedown")&&r.rippleOut(t)},e.prototype.rippleOut=function(t){t.off(),r.hasTransitionSupport()?t.addClass("ripple-out"):t.animate({opacity:0},100,function(){t.trigger("transitionend")}),t.on("transitionend webkitTransitionEnd oTransitionEnd MSTransitionEnd",function(){t.remove()})},e.prototype.rippleOn=function(t,o){var i=r.getNewSize(t,o);r.hasTransitionSupport()?o.css({"-ms-transform":"scale("+i+")","-moz-transform":"scale("+i+")","-webkit-transform":"scale("+i+")",transform:"scale("+i+")"}).addClass("ripple-on").data("animating","on").data("mousedown","on"):o.animate({width:2*Math.max(t.outerWidth(),t.outerHeight()),height:2*Math.max(t.outerWidth(),t.outerHeight()),"margin-left":-1*Math.max(t.outerWidth(),t.outerHeight()),"margin-top":-1*Math.max(t.outerWidth(),t.outerHeight()),opacity:.2},500,function(){o.trigger("transitionend")})},t.fn.ripples=function(o){return this.each(function(){t.data(this,"plugin_"+a)||t.data(this,"plugin_"+a,new e(this,o))})}}(jQuery,window,document);
291 | 


--------------------------------------------------------------------------------
/php_xxe/js/material-bootstrap-wizard.js:
--------------------------------------------------------------------------------
  1 | /*!
  2 | 
  3 |  =========================================================
  4 |  * Material Bootstrap Wizard - v1.0.2
  5 |  =========================================================
  6 |  
  7 |  * Product Page: https://www.creative-tim.com/product/material-bootstrap-wizard
  8 |  * Copyright 2017 Creative Tim (#)
  9 |  * Licensed under MIT (https://github.com/creativetimofficial/material-bootstrap-wizard/blob/master/LICENSE.md)
 10 |  
 11 |  =========================================================
 12 |  
 13 |  * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 14 |  */
 15 | 
 16 | // Material Bootstrap Wizard Functions
 17 | 
 18 | var searchVisible = 0;
 19 | var transparent = true;
 20 | var mobile_device = false;
 21 | 
 22 | $(document).ready(function(){
 23 | 
 24 |     $.material.init();
 25 | 
 26 |     /*  Activate the tooltips      */
 27 |     $('[rel="tooltip"]').tooltip();
 28 | 
 29 |     // Code for the Validator
 30 |     var $validator = $('.wizard-card form').validate({
 31 | 		  rules: {
 32 | 		    firstname: {
 33 | 		      required: true,
 34 | 		      minlength: 3
 35 | 		    },
 36 | 		    lastname: {
 37 | 		      required: true,
 38 | 		      minlength: 3
 39 | 		    },
 40 | 		    email: {
 41 | 		      required: true,
 42 | 		      minlength: 3,
 43 | 		    }
 44 |         },
 45 | 
 46 |         errorPlacement: function(error, element) {
 47 |             $(element).parent('div').addClass('has-error');
 48 |          }
 49 | 	});
 50 | 
 51 |     // Wizard Initialization
 52 |   	$('.wizard-card').bootstrapWizard({
 53 |         'tabClass': 'nav nav-pills',
 54 |         'nextSelector': '.btn-next',
 55 |         'previousSelector': '.btn-previous',
 56 | 
 57 |         onNext: function(tab, navigation, index) {
 58 |         	var $valid = $('.wizard-card form').valid();
 59 |         	if(!$valid) {
 60 |         		$validator.focusInvalid();
 61 |         		return false;
 62 |         	}
 63 |         },
 64 | 
 65 |         onInit : function(tab, navigation, index){
 66 |             //check number of tabs and fill the entire row
 67 |             var $total = navigation.find('li').length;
 68 |             var $wizard = navigation.closest('.wizard-card');
 69 | 
 70 |             $first_li = navigation.find('li:first-child a').html();
 71 |             $moving_div = $('<div class="moving-tab">' + $first_li + '</div>');
 72 |             $('.wizard-card .wizard-navigation').append($moving_div);
 73 | 
 74 |             refreshAnimation($wizard, index);
 75 | 
 76 |             $('.moving-tab').css('transition','transform 0s');
 77 |        },
 78 | 
 79 |         onTabClick : function(tab, navigation, index){
 80 |             var $valid = $('.wizard-card form').valid();
 81 | 
 82 |             if(!$valid){
 83 |                 return false;
 84 |             } else{
 85 |                 return true;
 86 |             }
 87 |         },
 88 | 
 89 |         onTabShow: function(tab, navigation, index) {
 90 |             var $total = navigation.find('li').length;
 91 |             var $current = index+1;
 92 | 
 93 |             var $wizard = navigation.closest('.wizard-card');
 94 | 
 95 |             // If it's the last tab then hide the last button and show the finish instead
 96 |             if($current >= $total) {
 97 |                 $($wizard).find('.btn-next').hide();
 98 |                 $($wizard).find('.btn-finish').show();
 99 |             } else {
100 |                 $($wizard).find('.btn-next').show();
101 |                 $($wizard).find('.btn-finish').hide();
102 |             }
103 | 
104 |             button_text = navigation.find('li:nth-child(' + $current + ') a').html();
105 | 
106 |             setTimeout(function(){
107 |                 $('.moving-tab').text(button_text);
108 |             }, 150);
109 | 
110 |             var checkbox = $('.footer-checkbox');
111 | 
112 |             if( !index == 0 ){
113 |                 $(checkbox).css({
114 |                     'opacity':'0',
115 |                     'visibility':'hidden',
116 |                     'position':'absolute'
117 |                 });
118 |             } else {
119 |                 $(checkbox).css({
120 |                     'opacity':'1',
121 |                     'visibility':'visible'
122 |                 });
123 |             }
124 | 
125 |             refreshAnimation($wizard, index);
126 |         }
127 |   	});
128 | 
129 | 
130 |     // Prepare the preview for profile picture
131 |     $("#wizard-picture").change(function(){
132 |         readURL(this);
133 |     });
134 | 
135 |     $('[data-toggle="wizard-radio"]').click(function(){
136 |         wizard = $(this).closest('.wizard-card');
137 |         wizard.find('[data-toggle="wizard-radio"]').removeClass('active');
138 |         $(this).addClass('active');
139 |         $(wizard).find('[type="radio"]').removeAttr('checked');
140 |         $(this).find('[type="radio"]').attr('checked','true');
141 |     });
142 | 
143 |     $('[data-toggle="wizard-checkbox"]').click(function(){
144 |         if( $(this).hasClass('active')){
145 |             $(this).removeClass('active');
146 |             $(this).find('[type="checkbox"]').removeAttr('checked');
147 |         } else {
148 |             $(this).addClass('active');
149 |             $(this).find('[type="checkbox"]').attr('checked','true');
150 |         }
151 |     });
152 | 
153 |     $('.set-full-height').css('height', 'auto');
154 | 
155 | });
156 | 
157 | 
158 | 
159 |  //Function to show image before upload
160 | 
161 | function readURL(input) {
162 |     if (input.files && input.files[0]) {
163 |         var reader = new FileReader();
164 | 
165 |         reader.onload = function (e) {
166 |             $('#wizardPicturePreview').attr('src', e.target.result).fadeIn('slow');
167 |         }
168 |         reader.readAsDataURL(input.files[0]);
169 |     }
170 | }
171 | 
172 | $(window).resize(function(){
173 |     $('.wizard-card').each(function(){
174 |         $wizard = $(this);
175 | 
176 |         index = $wizard.bootstrapWizard('currentIndex');
177 |         refreshAnimation($wizard, index);
178 | 
179 |         $('.moving-tab').css({
180 |             'transition': 'transform 0s'
181 |         });
182 |     });
183 | });
184 | 
185 | function refreshAnimation($wizard, index){
186 |     $total = $wizard.find('.nav li').length;
187 |     $li_width = 100/$total;
188 | 
189 |     total_steps = $wizard.find('.nav li').length;
190 |     move_distance = $wizard.width() / total_steps;
191 |     index_temp = index;
192 |     vertical_level = 0;
193 | 
194 |     mobile_device = $(document).width() < 600 && $total > 3;
195 | 
196 |     if(mobile_device){
197 |         move_distance = $wizard.width() / 2;
198 |         index_temp = index % 2;
199 |         $li_width = 50;
200 |     }
201 | 
202 |     $wizard.find('.nav li').css('width',$li_width + '%');
203 | 
204 |     step_width = move_distance;
205 |     move_distance = move_distance * index_temp;
206 | 
207 |     $current = index + 1;
208 | 
209 |     if($current == 1 || (mobile_device == true && (index % 2 == 0) )){
210 |         move_distance -= 8;
211 |     } else if($current == total_steps || (mobile_device == true && (index % 2 == 1))){
212 |         move_distance += 8;
213 |     }
214 | 
215 |     if(mobile_device){
216 |         vertical_level = parseInt(index / 2);
217 |         vertical_level = vertical_level * 38;
218 |     }
219 | 
220 |     $wizard.find('.moving-tab').css('width', step_width);
221 |     $('.moving-tab').css({
222 |         'transform':'translate3d(' + move_distance + 'px, ' + vertical_level +  'px, 0)',
223 |         'transition': 'all 0.5s cubic-bezier(0.29, 1.42, 0.79, 1)'
224 | 
225 |     });
226 | }
227 | 
228 | materialDesign = {
229 | 
230 |     checkScrollForTransparentNavbar: debounce(function() {
231 |                 if($(document).scrollTop() > 260 ) {
232 |                     if(transparent) {
233 |                         transparent = false;
234 |                         $('.navbar-color-on-scroll').removeClass('navbar-transparent');
235 |                     }
236 |                 } else {
237 |                     if( !transparent ) {
238 |                         transparent = true;
239 |                         $('.navbar-color-on-scroll').addClass('navbar-transparent');
240 |                     }
241 |                 }
242 |         }, 17)
243 | 
244 | }
245 | 
246 | function debounce(func, wait, immediate) {
247 | 	var timeout;
248 | 	return function() {
249 | 		var context = this, args = arguments;
250 | 		clearTimeout(timeout);
251 | 		timeout = setTimeout(function() {
252 | 			timeout = null;
253 | 			if (!immediate) func.apply(context, args);
254 | 		}, wait);
255 | 		if (immediate && !timeout) func.apply(context, args);
256 | 	};
257 | };
258 | 


--------------------------------------------------------------------------------
/python_xxe/static/css/demo.css:
--------------------------------------------------------------------------------
  1 | .logo-container{
  2 |     left: 50px;
  3 |     position: absolute;
  4 |     top: 20px;
  5 |     z-index: 3;
  6 | }
  7 | .logo-container .logo{
  8 |     overflow: hidden;
  9 |     border-radius: 50%;
 10 |     border: 1px solid #333333;
 11 |     width: 60px;
 12 |     float: left;
 13 | }
 14 | .logo-container .brand{
 15 |     font-size: 18px;
 16 |     color: #FFF;
 17 |     line-height: 20px;
 18 |     float: left;
 19 |     margin-left: 10px;
 20 |     margin-top: 10px;
 21 |     width: 60px
 22 | }
 23 | 
 24 | body{
 25 |     background-color: #CCCCCC;
 26 | }
 27 | 
 28 | .section .wizard-card{
 29 |     min-height: inherit;
 30 | }
 31 | 
 32 | .tim-row{
 33 |     margin-bottom: 20px;
 34 | }
 35 | 
 36 | .tim-white-buttons {
 37 |     background-color: #777777;
 38 | }
 39 | .title{
 40 |     margin-top: 30px;
 41 |     margin-bottom: 25px;
 42 |     min-height: 32px;
 43 |     font-weight: 500;
 44 | }
 45 | 
 46 | 
 47 | 
 48 | .title.text-center{
 49 |     margin-bottom: 50px;
 50 | }
 51 | .tim-typo{
 52 |     padding-left: 25%;
 53 |     margin-bottom: 40px;
 54 |     position: relative;
 55 | }
 56 | .tim-typo .tim-note{
 57 |     bottom: 10px;
 58 |     color: #c0c1c2;
 59 |     display: block;
 60 |     font-weight: 400;
 61 |     font-size: 13px;
 62 |     line-height: 13px;
 63 |     left: 0;
 64 |     margin-left: 20px;
 65 |     position: absolute;
 66 |     width: 260px;
 67 | }
 68 | .tim-row{
 69 |     padding-top: 50px;
 70 | }
 71 | .tim-row h3{
 72 |     margin-top: 0;
 73 | }
 74 | .switch{
 75 |     margin-right: 20px;
 76 | }
 77 | .copyrights{
 78 | 	text-indent:-9999px;
 79 | 	height:0;
 80 | 	line-height:0;
 81 | 	font-size:0;
 82 | 	overflow:hidden;
 83 | }
 84 | #navbar-full .navbar{
 85 |     border-radius: 0 !important;
 86 |     margin-bottom: 15px;
 87 |     z-index: 2;
 88 | }
 89 | .space{
 90 |     height: 130px;
 91 |     display: block;
 92 | }
 93 | .space-110{
 94 |     height: 110px;
 95 |     display: block;
 96 | }
 97 | .space-50{
 98 |     height: 50px;
 99 |     display: block;
100 | }
101 | .space-70{
102 |     height: 70px;
103 |     display: block;
104 | }
105 | .navigation-example .img-src{
106 |     background-attachment: scroll;
107 | }
108 | 
109 | .navigation-example{
110 |     background-image: url('../img/bg.jpg');
111 |     background-position: center center;
112 |     background-size: cover;
113 |     margin-top:0;
114 |     min-height: 740px;
115 | }
116 | #notifications{
117 |     background-color: #FFFFFF;
118 |     display: block;
119 |     width: 100%;
120 |     position: relative;
121 | }
122 | #notifications .alert-danger{
123 |     margin-bottom: 0px;
124 | }
125 | .tim-note{
126 |     text-transform: capitalize;
127 | }
128 | 
129 | #buttons .btn{
130 |     margin: 0 0px 15px;
131 | }
132 | .space-100{
133 |     height: 100px;
134 |     display: block;
135 |     width: 100%;
136 | }
137 | 
138 | .be-social{
139 |     padding-bottom: 20px;
140 | /*     border-bottom: 1px solid #aaa; */
141 |     margin: 0 auto 40px;
142 | }
143 | .txt-white{
144 |     color: #FFFFFF;
145 | }
146 | .txt-gray{
147 |     color: #ddd !important;
148 | }
149 | 
150 | 
151 | .parallax{
152 |   width:100%;
153 |   height:570px;
154 | 
155 |   display: block;
156 |   background-attachment: fixed;
157 |     background-repeat:no-repeat;
158 |     background-size:cover;
159 |     background-position: center center;
160 | 
161 | }
162 | 
163 | .logo-container.logo-documentation{
164 |     position: relative;
165 |     top: 0;
166 |     left: 0;
167 | }
168 | 
169 | .logo-container .logo{
170 |     overflow: hidden;
171 |     border-radius: 50%;
172 |     border: 1px solid #333333;
173 |     width: 50px;
174 |     float: left;
175 | }
176 | 
177 | .logo-container .brand{
178 |     font-size: 16px;
179 |     line-height: 18px;
180 |     float: left;
181 |     margin-left: 10px;
182 |     margin-top: 7px;
183 |     width: 70px;
184 |     height: 40px;
185 |     text-align: left;
186 | }
187 | 
188 | 
189 | .navbar-default .logo-container .brand{
190 |     color: #999999;
191 | }
192 | .navbar-transparent .logo-container .brand{
193 |     color: #FFFFFF;
194 | }
195 | 
196 | .logo-container .brand-material{
197 |     font-size: 18px;
198 |     margin-top: 15px;
199 |     height: 25px;
200 |     width: auto;
201 | }
202 | 
203 | .logo-container .logo img{
204 |     width: 100%;
205 | }
206 | .navbar-small .logo-container .brand{
207 |     color: #333333;
208 | }
209 | 
210 | .fixed-section{
211 |     top: 90px;
212 |     max-height: 80vh;
213 |     overflow: scroll;
214 | }
215 | .fixed-section ul li{
216 |     list-style: none;
217 | }
218 | .fixed-section li a{
219 |     font-size: 14px;
220 |     padding: 2px;
221 |     display: block;
222 |     color: #666666;
223 | }
224 | .fixed-section li a.active{
225 |     color: #00bbff;
226 | }
227 | .fixed-section.float{
228 |     position: fixed;
229 |     top: 100px;
230 |     width: 200px;
231 |     margin-top: 0;
232 | }
233 | 
234 | 
235 | .parallax .parallax-image{
236 |     width: 100%;
237 |     overflow: hidden;
238 |     position: absolute;
239 | }
240 | .parallax .parallax-image img{
241 |     width: 100%;
242 | }
243 | 
244 | @media (max-width: 768px){
245 |     .parallax .parallax-image{
246 |          width: 100%;
247 |          height: 640px;
248 |          overflow: hidden;
249 |      }
250 |     .parallax .parallax-image img{
251 |        height: 100%;
252 |        width: auto;
253 |    }
254 | }
255 | 
256 | .separator{
257 |     content: "Separator";
258 |     color: #FFFFFF;
259 |     display: block;
260 |     width: 100%;
261 |     padding: 20px;
262 | }
263 | .separator-line{
264 |     background-color: #EEE;
265 |     height: 1px;
266 |     width: 100%;
267 |     display: block;
268 | }
269 | .separator.separator-gray{
270 |     background-color: #EEEEEE;
271 | }
272 | .social-buttons-demo .btn{
273 |     margin-right: 5px;
274 |     margin-bottom: 7px;
275 | }
276 | 
277 | .img-container{
278 |     width: 100%;
279 |     overflow: hidden;
280 | }
281 | .img-container img{
282 |     width: 100%;
283 | }
284 | 
285 | .lightbox img{
286 |     width: 100%;
287 | }
288 | .lightbox .modal-content{
289 |     overflow: hidden;
290 | }
291 | .lightbox .modal-body{
292 |     padding: 0;
293 | }
294 | @media screen and (min-width: 991px){
295 |     .lightbox .modal-dialog{
296 |         width: 960px;
297 |     }
298 | }
299 | 
300 | @media (max-width: 768px){
301 |     .btn, .btn-morphing{
302 |         margin-bottom: 10px;
303 |     }
304 |     .parallax .motto{
305 |         top: 170px;
306 |         margin-top: 0;
307 |         font-size: 60px;
308 |         width: 270px;
309 |     }
310 | }
311 | 
312 | /*       Loading dots  */
313 | 
314 | /*      transitions */
315 | .presentation .front, .presentation .front:after, .presentation .front .btn, .logo-container .logo, .logo-container .brand{
316 |      -webkit-transition: all .2s;
317 |     -moz-transition: all .2s;
318 |     -o-transition: all .2s;
319 |     transition: all .2s;
320 | }
321 | 
322 | 
323 | #images h4{
324 |     margin-bottom: 30px;
325 | }
326 | #javascriptComponents{
327 |     padding-bottom: 0;
328 | }
329 | #javascriptComponents .btn-raised{
330 |     margin: 10px 5px;
331 | }
332 | 
333 | 
334 | /*      layer animation          */
335 | 
336 | .layers-container{
337 |     display: block;
338 |     margin-top: 50px;
339 |     position: relative;
340 | }
341 | .layers-container img {
342 |   position: absolute;
343 |   width: 100%;
344 |   height: auto;
345 |   top: 0;
346 |   left: 0;
347 |   text-align: center;
348 | }
349 | 
350 | .section-black {
351 |   background-color: #333;
352 | }
353 | 
354 | .animate {
355 |   transition: 1.5s ease-in-out;
356 |   -moz-transition: 1.5s ease-in-out;
357 |   -webkit-transition: 1.5s ease-in-out;
358 | }
359 | 
360 | .navbar-default.navbar-small .logo-container .brand{
361 |     color: #333333;
362 | }
363 | .navbar-transparent.navbar-small .logo-container .brand{
364 |     color: #FFFFFF;
365 | }
366 | .navbar-default.navbar-small .logo-container .brand{
367 |     color: #333333;
368 | }
369 | 
370 | .sharing-area{
371 |     margin-top: 80px;
372 | }
373 | .sharing-area .btn{
374 |     margin: 15px 4px 0;
375 |     color: #FFFFFF;
376 | }
377 | .sharing-area .btn i{
378 |     font-size: 18px;
379 |     position: relative;
380 |     top: 2px;
381 |     margin-right: 5px;
382 | }
383 | .sharing-area .btn-twitter{
384 |     background-color: #55acee;
385 | }
386 | .sharing-area .btn-facebook{
387 |     background-color: #3b5998;
388 | }
389 | .sharing-area .btn-google-plus{
390 |     background-color: #dd4b39;
391 | }
392 | .sharing-area .btn-github{
393 |     background-color: #333333;
394 | }
395 | .section-thin,
396 | .section-notifications{
397 |     padding: 0;
398 | }
399 | .section-navbars{
400 |     padding-top: 0;
401 | }
402 | #navbar .navbar{
403 |     border-radius: 0;
404 | }
405 | .section-tabs{
406 |     background: #EEEEEE;
407 | }
408 | .section-pagination{
409 |     padding-bottom: 0;
410 | }
411 | .section-download h4{
412 |     margin-bottom: 50px;
413 | }
414 | .section-examples a{
415 |     text-decoration: none;
416 | }
417 | .section-examples h5{
418 |     margin-top: 30px;
419 | }
420 | .components-page .wrapper > .header,
421 | .tutorial-page .wrapper > .header{
422 |     height: 400px;
423 |     padding-top: 100px;
424 |     background-size: cover;
425 |     background-position: center center;
426 | }
427 | .components-page .title,
428 | .tutorial-page .title{
429 |     color: #FFFFFF;
430 | }
431 | 
432 | .main {
433 |   background: #FFFFFF;
434 |   position: relative;
435 |   z-index: 3;
436 | }
437 | 
438 | .main-raised {
439 |     margin: -60px 30px 0px;
440 |     border-radius: 6px;
441 |     box-shadow: 0 16px 24px 2px rgba(0, 0, 0, 0.14), 0 6px 30px 5px rgba(0, 0, 0, 0.12), 0 8px 10px -5px rgba(0, 0, 0, 0.2);
442 | }
443 | 
444 | .header-filter {
445 |   position: relative;
446 | }
447 | .header-filter:before, .header-filter:after {
448 |   position: absolute;
449 |   z-index: 1;
450 |   width: 100%;
451 |   height: 100%;
452 |   display: block;
453 |   left: 0;
454 |   top: 0;
455 |   content: "";
456 | }
457 | .header-filter::before {
458 |   background-color: rgba(0, 0, 0, 0.4);
459 | }
460 | .header-filter .container {
461 |   z-index: 2;
462 |   position: relative;
463 | }
464 | 
465 | .section {
466 |   padding: 70px 0;
467 |   background-position: center center;
468 |   background-size: cover;
469 | }
470 | 
471 | 
472 | 
473 | .navbar {
474 |   border: 0;
475 |   border-radius: 3px;
476 |   box-shadow: 0 10px 20px -12px rgba(0, 0, 0, 0.42), 0 3px 20px 0px rgba(0, 0, 0, 0.12), 0 8px 10px -5px rgba(0, 0, 0, 0.2);
477 |   padding: 10px 0;
478 | 
479 |   -webkit-transition: all 150ms ease 0s;
480 |  -moz-transition: all 150ms ease 0s;
481 |  -o-transition: all 150ms ease 0s;
482 |  -ms-transition: all 150ms ease 0s;
483 |  transition: all 150ms ease 0s;
484 | }
485 | .navbar .navbar-brand {
486 |   position: relative;
487 |   height: 50px;
488 |   line-height: 30px;
489 |   color: inherit;
490 |   padding: 10px 15px;
491 | }
492 | .navbar .navbar-brand:hover, .navbar .navbar-brand:focus {
493 |   color: inherit;
494 |   background-color: transparent;
495 | }
496 | 
497 | .navbar.navbar-transparent {
498 |   background-color: transparent;
499 |   box-shadow: none;
500 |   color: #fff;
501 |   padding-top: 25px;
502 | }
503 | 
504 | .navbar-fixed-top {
505 |   border-radius: 0;
506 | }
507 | 
508 | .navbar .navbar-nav > li > a .material-icons,
509 | .navbar .navbar-nav > li > a .fa {
510 |   font-size: 20px;
511 |   max-width: 20px;
512 | }
513 | .navbar .navbar-nav > li > a:hover,
514 | .navbar .navbar-nav > li > a:focus {
515 |     color: inherit;
516 |     background-color: transparent;
517 | }
518 | 
519 | .navbar .navbar-nav > li > a:not(.btn) .material-icons {
520 |   margin-top: -3px;
521 |   top: 0px;
522 |   position: relative;
523 |   margin-right: 3px;
524 | }
525 | 
526 | .navbar, .navbar.navbar-default {
527 |   background-color: #9c27b0;
528 |   color: #FFFFFF;
529 | }
530 | 
531 | .navbar .navbar-nav > li > a {
532 |   color: inherit;
533 |   padding-top: 15px;
534 |   padding-bottom: 15px;
535 |   font-weight: 400;
536 |   font-size: 12px;
537 |   text-transform: uppercase;
538 |   border-radius: 3px;
539 | }
540 | @media (max-width: 1199px) {
541 | 
542 |   .navbar .navbar-brand {
543 |     height: 50px;
544 |     padding: 10px 15px;
545 |   }
546 |   .navbar .navbar-nav > li > a {
547 |     padding-top: 15px;
548 |     padding-bottom: 15px;
549 |   }
550 | }
551 | 
552 | footer {
553 |   padding: 15px 0;
554 |   text-align: center;
555 | 
556 | }
557 | .footer a{
558 |     font-weight: bold;
559 | }
560 | 
561 | footer.footer-documentation{
562 |     margin-top: 0;
563 |     bottom: 0;
564 |     text-shadow: none;
565 |     color: inherit;
566 | }
567 | 
568 | footer.footer-documentation li a{
569 |     color: inherit;
570 | }
571 | 
572 | footer.footer-documentation li a:hover,
573 | footer.footer-documentation li a:focus{
574 |     color: #89229b;
575 | }
576 | 
577 | footer ul {
578 |   margin-bottom: 0;
579 |   padding: 0;
580 |   list-style: none;
581 | }
582 | footer ul li {
583 |   display: inline-block;
584 | }
585 | footer ul li a {
586 |   color: inherit;
587 |   padding: 15px;
588 |   font-weight: 500;
589 |   font-size: 12px;
590 |   text-transform: uppercase;
591 |   border-radius: 3px;
592 |   text-decoration: none;
593 |   position: relative;
594 |   display: block;
595 | }
596 | footer ul li a:hover {
597 |   text-decoration: none;
598 | }
599 | footer ul li .btn {
600 |   margin: 0;
601 | }
602 | footer ul.links-horizontal:first-child a {
603 |   padding-left: 0;
604 | }
605 | footer ul.links-horizontal:last-child a {
606 |   padding-right: 0;
607 | }
608 | footer ul.links-vertical li {
609 |   display: block;
610 | }
611 | footer ul.links-vertical li a {
612 |   padding: 5px 0;
613 | }
614 | footer .social-buttons a,
615 | footer .social-buttons .btn {
616 |   margin-top: 5px;
617 |   margin-bottom: 5px;
618 | }
619 | footer .footer-brand {
620 |   float: left;
621 |   height: 50px;
622 |   padding: 15px 15px;
623 |   font-size: 18px;
624 |   line-height: 20px;
625 |   margin-left: -15px;
626 | }
627 | footer .footer-brand:hover, footer .footer-brand:focus {
628 |   color: #3C4858;
629 | }
630 | footer .copyright {
631 |   padding: 15px 0;
632 |   text-align: center;
633 | }
634 | footer .copyright .material-icons {
635 |   font-size: 18px;
636 |   position: relative;
637 |   top: 3px;
638 | }
639 | footer .pull-center {
640 |   display: inline-block;
641 |   float: none;
642 | }
643 | 
644 | @media (max-width: 768px) {
645 |   .footer .copyright {
646 |     display: inline-block;
647 |     text-align: center;
648 |     padding: 10px 0;
649 |     float: none !important;
650 |     width: 100%;
651 |   }
652 | 
653 |   .navbar.navbar-transparent {
654 |     background-color: rgba(0, 0, 0, 0.4);
655 |     padding-top: 10px;
656 |     border-radius: 0;
657 |   }
658 | 
659 |   .main-raised {
660 |     margin-left: 10px;
661 |     margin-right: 10px;
662 |   }
663 | }
664 | 


--------------------------------------------------------------------------------
/python_xxe/static/css/font.css:
--------------------------------------------------------------------------------
 1 | 
 2 | @font-face {font-family: "iconfont";
 3 |   src: url('//at.alicdn.com/t/font_566036_189jqg1gbohfflxr.eot?t=1517926461910'); /* IE9*/
 4 |   src: url('//at.alicdn.com/t/font_566036_189jqg1gbohfflxr.eot?t=1517926461910#iefix') format('embedded-opentype'), /* IE6-IE8 */
 5 |   url('data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAAXUAAsAAAAACFwAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABHU1VCAAABCAAAADMAAABCsP6z7U9TLzIAAAE8AAAARAAAAFZW7kggY21hcAAAAYAAAABlAAABnM8LapNnbHlmAAAB6AAAAe8AAAIkfsWBm2hlYWQAAAPYAAAALwAAADYQXvaJaGhlYQAABAgAAAAcAAAAJAfeA4VobXR4AAAEJAAAABAAAAAQD+kAAGxvY2EAAAQ0AAAACgAAAAoBiADEbWF4cAAABEAAAAAfAAAAIAETAF1uYW1lAAAEYAAAAUUAAAJtPlT+fXBvc3QAAAWoAAAAKgAAADtO+ggHeJxjYGRgYOBikGPQYWB0cfMJYeBgYGGAAJAMY05meiJQDMoDyrGAaQ4gZoOIAgCKIwNPAHicY2Bk/sU4gYGVgYOpk+kMAwNDP4RmfM1gxMjBwMDEwMrMgBUEpLmmMDgwVDwzYW7438AQw9zA0AAUZgTJAQAn3gyieJzFkMENwCAMA51CK1R1Ct59og7UV0dg4qxBncCHCTC6kFiWggCwAwjkJhGQDwLTS1fcDzjdj3g4J56Nd9WspbWpM4knknfBknJgmWTd6lmX1zIm++864BM1d8zX0sH2A991EMsAAAB4nDXQT2sTQRgG8Hlmsn8Sk93uTjabbLpJNrG70bVR003ipiS9eLFYiJQexFNP4kERPBRUNCCCiAdzFwQb8OjRS5UI+hlM0IOin8FbVycUZ15434H38HuGSIT8/cmOWJFw0iQXyWUyIgRyiLpGXXhB1KIhLE+y7LzGgkbgKY16iw1g1+V8od2NfFtWZB0aKtjw2t2gRQN0oiHdRLvgAqWys2uurZrsJTLFoPI02aZvYFUbq/pwPblybivfrnH1IGuaJdN8ocqSpFKa0jXctgtpKZ2Rk6mkO9ZR9QytIlsKnKvXc7Wyuf8suuOu2WlgPAYv17S3W4ZjiHroFLhZUlZyatHJNU7ncfD7VJFnXf8XESclsh6zxzQhKjGIS9ZF0rxc96NuuyD9H5gGpQJ7iF4LrIWg07OD5a2KjHjCXS4Kg5P+aTqXpPn0cJFKLQ4nM7Z7/+xn67v/GqkZ+s0oGkVR86ThldiYLvfE9vEFNptknm/feHRrf3RXn8yEjQrbB3aT7QnXeeHy/G6vAsXu0kCm9oZAGULlCZYhXNZSO4DgDcU/ixdDci+1Mn5QVfYym++/1GQ17AP9EPMwBuI/AqubgB8HJhaXfhjpjxo4KHeTrx3EYfIujCmNQ1wL4+Tbjsa5tpOucNf3XV75B4awZxYAeJxjYGRgYABipxW+C+P5bb4ycLMwgMC1+TdtEfT/vSwMzKFALgcDE0gUADKhCsEAeJxjYGRgYG7438AQw8IAAkCSkQEVsAAARwoCbQQAAAAD6QAABAAAAAQAAAAAAAAAAHYAxAESAAB4nGNgZGBgYGEIZGBlAAEmIOYCQgaG/2A+AwAREgFxAHicZY9NTsMwEIVf+gekEqqoYIfkBWIBKP0Rq25YVGr3XXTfpk6bKokjx63UA3AejsAJOALcgDvwSCebNpbH37x5Y08A3OAHHo7fLfeRPVwyO3INF7gXrlN/EG6QX4SbaONVuEX9TdjHM6bCbXRheYPXuGL2hHdhDx18CNdwjU/hOvUv4Qb5W7iJO/wKt9Dx6sI+5l5XuI1HL/bHVi+cXqnlQcWhySKTOb+CmV7vkoWt0uqca1vEJlODoF9JU51pW91T7NdD5yIVWZOqCas6SYzKrdnq0AUb5/JRrxeJHoQm5Vhj/rbGAo5xBYUlDowxQhhkiMro6DtVZvSvsUPCXntWPc3ndFsU1P9zhQEC9M9cU7qy0nk6T4E9XxtSdXQrbsuelDSRXs1JErJCXta2VELqATZlV44RelzRiT8oZ0j/AAlabsgAAAB4nGNgYoAALgbsgIWRiZGZkYWRlYGxgi0zOT/P2IAlNzM3kYEBACnOBFYAAA==') format('woff'),
 6 |   url('//at.alicdn.com/t/font_566036_189jqg1gbohfflxr.ttf?t=1517926461910') format('truetype'), /* chrome, firefox, opera, Safari, Android, iOS 4.2+*/
 7 |   url('//at.alicdn.com/t/font_566036_189jqg1gbohfflxr.svg?t=1517926461910#iconfont') format('svg'); /* iOS 4.1- */
 8 | }
 9 | 
10 | .iconfont {
11 |   font-family:"iconfont" !important;
12 |   font-size:16px;
13 |   font-style:normal;
14 |   -webkit-font-smoothing: antialiased;
15 |   -moz-osx-font-smoothing: grayscale;
16 | }
17 | 
18 | .icon-icon30:before { content: "\e634"; }
19 | 
20 | .icon-mima:before { content: "\e622"; }
21 | 
22 | 


--------------------------------------------------------------------------------
/python_xxe/static/css/icon.css:
--------------------------------------------------------------------------------
 1 | @font-face {
 2 |   font-family: 'Material Icons';
 3 |   font-style: normal;
 4 |   font-weight: 400;
 5 |   src: url(https://fonts.gstatic.com/s/materialicons/v36/2fcrYFNaTjcS6g4U3t-Y5SQZRqoBW5Q4K_a7BOZJO20.eot);
 6 | }
 7 | @font-face {
 8 |   font-family: 'Roboto';
 9 |   font-style: normal;
10 |   font-weight: 400;
11 |   src: url(https://fonts.gstatic.com/s/roboto/v18/5YB-ifwqHP20Yn46l_BDhA.eot);
12 | }
13 | @font-face {
14 |   font-family: 'Roboto Slab';
15 |   font-style: normal;
16 |   font-weight: 400;
17 |   src: url(https://fonts.gstatic.com/s/robotoslab/v7/y7lebkjgREBJK96VQi37ZmfQcKutQXcIrRfyR5jdjY8.eot);
18 | }
19 | 
20 | .material-icons {
21 |   font-family: 'Material Icons';
22 |   font-weight: normal;
23 |   font-style: normal;
24 |   font-size: 24px;
25 |   line-height: 1;
26 |   letter-spacing: normal;
27 |   text-transform: none;
28 |   display: inline-block;
29 |   white-space: nowrap;
30 |   word-wrap: normal;
31 |   direction: ltr;
32 | }
33 | 


--------------------------------------------------------------------------------
/python_xxe/static/img/favicon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/xxe-lab/49e7f8e73092a32404dea0a2bd4bd099662a12bd/python_xxe/static/img/favicon.png


--------------------------------------------------------------------------------
/python_xxe/static/img/python_logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0ny1/xxe-lab/49e7f8e73092a32404dea0a2bd4bd099662a12bd/python_xxe/static/img/python_logo.png


--------------------------------------------------------------------------------
/python_xxe/static/js/jquery.bootstrap.js:
--------------------------------------------------------------------------------
  1 | /*!
  2 |  * jQuery twitter bootstrap wizard plugin
  3 |  * Examples and documentation at: http://github.com/VinceG/twitter-bootstrap-wizard
  4 |  * version 1.0
  5 |  * Requires jQuery v1.3.2 or later
  6 |  * Supports Bootstrap 2.2.x, 2.3.x, 3.0
  7 |  * Dual licensed under the MIT and GPL licenses:
  8 |  * http://www.opensource.org/licenses/mit-license.php
  9 |  * http://www.gnu.org/licenses/gpl.html
 10 |  * Authors: Vadim Vincent Gabriel (http://vadimg.com), Jason Gill (www.gilluminate.com)
 11 |  */
 12 | ;(function($) {
 13 | var bootstrapWizardCreate = function(element, options) {
 14 | 	var element = $(element);
 15 | 	var obj = this;
 16 | 
 17 | 	// selector skips any 'li' elements that do not contain a child with a tab data-toggle
 18 | 	var baseItemSelector = 'li:has([data-toggle="tab"])';
 19 | 
 20 | 	// Merge options with defaults
 21 | 	var $settings = $.extend({}, $.fn.bootstrapWizard.defaults, options);
 22 | 	var $activeTab = null;
 23 | 	var $navigation = null;
 24 | 
 25 | 	this.rebindClick = function(selector, fn)
 26 | 	{
 27 | 		selector.unbind('click', fn).bind('click', fn);
 28 | 	}
 29 | 
 30 | 	this.fixNavigationButtons = function() {
 31 | 		// Get the current active tab
 32 | 		if(!$activeTab.length) {
 33 | 			// Select first one
 34 | 			$navigation.find('a:first').tab('show');
 35 | 			$activeTab = $navigation.find(baseItemSelector + ':first');
 36 | 		}
 37 | 
 38 | 		// See if we're currently in the first/last then disable the previous and last buttons
 39 | 		$($settings.previousSelector, element).toggleClass('disabled', (obj.firstIndex() >= obj.currentIndex()));
 40 | 		$($settings.nextSelector, element).toggleClass('disabled', (obj.currentIndex() >= obj.navigationLength()));
 41 | 
 42 | 		// We are unbinding and rebinding to ensure single firing and no double-click errors
 43 | 		obj.rebindClick($($settings.nextSelector, element), obj.next);
 44 | 		obj.rebindClick($($settings.previousSelector, element), obj.previous);
 45 | 		obj.rebindClick($($settings.lastSelector, element), obj.last);
 46 | 		obj.rebindClick($($settings.firstSelector, element), obj.first);
 47 | 
 48 | 		if($settings.onTabShow && typeof $settings.onTabShow === 'function' && $settings.onTabShow($activeTab, $navigation, obj.currentIndex())===false){
 49 | 			return false;
 50 | 		}
 51 | 	};
 52 | 
 53 | 	this.next = function(e) {
 54 | 
 55 | 		// If we clicked the last then dont activate this
 56 | 		if(element.hasClass('last')) {
 57 | 			return false;
 58 | 		}
 59 | 
 60 | 		if($settings.onNext && typeof $settings.onNext === 'function' && $settings.onNext($activeTab, $navigation, obj.nextIndex())===false){
 61 | 			return false;
 62 | 		}
 63 | 
 64 | 		// Did we click the last button
 65 | 		$index = obj.nextIndex();
 66 | 		if($index > obj.navigationLength()) {
 67 | 		} else {
 68 | 			$navigation.find(baseItemSelector + ':eq('+$index+') a').tab('show');
 69 | 		}
 70 | 	};
 71 | 
 72 | 	this.previous = function(e) {
 73 | 
 74 | 		// If we clicked the first then dont activate this
 75 | 		if(element.hasClass('first')) {
 76 | 			return false;
 77 | 		}
 78 | 
 79 | 		if($settings.onPrevious && typeof $settings.onPrevious === 'function' && $settings.onPrevious($activeTab, $navigation, obj.previousIndex())===false){
 80 | 			return false;
 81 | 		}
 82 | 
 83 | 		$index = obj.previousIndex();
 84 | 		if($index < 0) {
 85 | 		} else {
 86 | 			$navigation.find(baseItemSelector + ':eq('+$index+') a').tab('show');
 87 | 		}
 88 | 	};
 89 | 
 90 | 	this.first = function(e) {
 91 | 		if($settings.onFirst && typeof $settings.onFirst === 'function' && $settings.onFirst($activeTab, $navigation, obj.firstIndex())===false){
 92 | 			return false;
 93 | 		}
 94 | 
 95 | 		// If the element is disabled then we won't do anything
 96 | 		if(element.hasClass('disabled')) {
 97 | 			return false;
 98 | 		}
 99 | 		$navigation.find(baseItemSelector + ':eq(0) a').tab('show');
100 | 
101 | 	};
102 | 	this.last = function(e) {
103 | 		if($settings.onLast && typeof $settings.onLast === 'function' && $settings.onLast($activeTab, $navigation, obj.lastIndex())===false){
104 | 			return false;
105 | 		}
106 | 
107 | 		// If the element is disabled then we won't do anything
108 | 		if(element.hasClass('disabled')) {
109 | 			return false;
110 | 		}
111 | 		$navigation.find(baseItemSelector + ':eq('+obj.navigationLength()+') a').tab('show');
112 | 	};
113 | 	this.currentIndex = function() {
114 | 		return $navigation.find(baseItemSelector).index($activeTab);
115 | 	};
116 | 	this.firstIndex = function() {
117 | 		return 0;
118 | 	};
119 | 	this.lastIndex = function() {
120 | 		return obj.navigationLength();
121 | 	};
122 | 	this.getIndex = function(e) {
123 | 		return $navigation.find(baseItemSelector).index(e);
124 | 	};
125 | 	this.nextIndex = function() {
126 | 		return $navigation.find(baseItemSelector).index($activeTab) + 1;
127 | 	};
128 | 	this.previousIndex = function() {
129 | 		return $navigation.find(baseItemSelector).index($activeTab) - 1;
130 | 	};
131 | 	this.navigationLength = function() {
132 | 		return $navigation.find(baseItemSelector).length - 1;
133 | 	};
134 | 	this.activeTab = function() {
135 | 		return $activeTab;
136 | 	};
137 | 	this.nextTab = function() {
138 | 		return $navigation.find(baseItemSelector + ':eq('+(obj.currentIndex()+1)+')').length ? $navigation.find(baseItemSelector + ':eq('+(obj.currentIndex()+1)+')') : null;
139 | 	};
140 | 	this.previousTab = function() {
141 | 		if(obj.currentIndex() <= 0) {
142 | 			return null;
143 | 		}
144 | 		return $navigation.find(baseItemSelector + ':eq('+parseInt(obj.currentIndex()-1)+')');
145 | 	};
146 | 	this.show = function(index) {
147 | 		if (isNaN(index)) {
148 | 			return element.find(baseItemSelector + ' a[href=#' + index + ']').tab('show');
149 | 		}
150 | 		else {
151 | 			return element.find(baseItemSelector + ':eq(' + index + ') a').tab('show');
152 | 		}
153 | 	};
154 | 	this.disable = function(index) {
155 | 		$navigation.find(baseItemSelector + ':eq('+index+')').addClass('disabled');
156 | 	};
157 | 	this.enable = function(index) {
158 | 		$navigation.find(baseItemSelector + ':eq('+index+')').removeClass('disabled');
159 | 	};
160 | 	this.hide = function(index) {
161 | 		$navigation.find(baseItemSelector + ':eq('+index+')').hide();
162 | 	};
163 | 	this.display = function(index) {
164 | 		$navigation.find(baseItemSelector + ':eq('+index+')').show();
165 | 	};
166 | 	this.remove = function(args) {
167 | 		var $index = args[0];
168 | 		var $removeTabPane = typeof args[1] != 'undefined' ? args[1] : false;
169 | 		var $item = $navigation.find(baseItemSelector + ':eq('+$index+')');
170 | 
171 | 		// Remove the tab pane first if needed
172 | 		if($removeTabPane) {
173 | 			var $href = $item.find('a').attr('href');
174 | 			$($href).remove();
175 | 		}
176 | 
177 | 		// Remove menu item
178 | 		$item.remove();
179 | 	};
180 | 
181 | 	var innerTabClick = function (e) {
182 | 		// Get the index of the clicked tab
183 | 		var clickedIndex = $navigation.find(baseItemSelector).index($(e.currentTarget).parent(baseItemSelector));
184 | 		if($settings.onTabClick && typeof $settings.onTabClick === 'function' && $settings.onTabClick($activeTab, $navigation, obj.currentIndex(), clickedIndex)===false){
185 | 			return false;
186 | 		}
187 | 	};
188 | 
189 | 	var innerTabShown = function (e) {  // use shown instead of show to help prevent double firing
190 | 		$element = $(e.target).parent();
191 | 		var nextTab = $navigation.find(baseItemSelector).index($element);
192 | 
193 | 		// If it's disabled then do not change
194 | 		if($element.hasClass('disabled')) {
195 | 			return false;
196 | 		}
197 | 
198 | 		if($settings.onTabChange && typeof $settings.onTabChange === 'function' && $settings.onTabChange($activeTab, $navigation, obj.currentIndex(), nextTab)===false){
199 | 				return false;
200 | 		}
201 | 
202 | 		$activeTab = $element; // activated tab
203 | 		obj.fixNavigationButtons();
204 | 	};
205 | 
206 | 	this.resetWizard = function() {
207 | 
208 | 		// remove the existing handlers
209 | 		$('a[data-toggle="tab"]', $navigation).off('click', innerTabClick);
210 | 		$('a[data-toggle="tab"]', $navigation).off('shown shown.bs.tab', innerTabShown);
211 | 
212 | 		// reset elements based on current state of the DOM
213 | 		$navigation = element.find('ul:first', element);
214 | 		$activeTab = $navigation.find(baseItemSelector + '.active', element);
215 | 
216 | 		// re-add handlers
217 | 		$('a[data-toggle="tab"]', $navigation).on('click', innerTabClick);
218 | 		$('a[data-toggle="tab"]', $navigation).on('shown shown.bs.tab', innerTabShown);
219 | 
220 | 		obj.fixNavigationButtons();
221 | 	};
222 | 
223 | 	$navigation = element.find('ul:first', element);
224 | 	$activeTab = $navigation.find(baseItemSelector + '.active', element);
225 | 
226 | 	if(!$navigation.hasClass($settings.tabClass)) {
227 | 		$navigation.addClass($settings.tabClass);
228 | 	}
229 | 
230 | 	// Load onInit
231 | 	if($settings.onInit && typeof $settings.onInit === 'function'){
232 | 		$settings.onInit($activeTab, $navigation, 0);
233 | 	}
234 | 
235 | 	// Load onShow
236 | 	if($settings.onShow && typeof $settings.onShow === 'function'){
237 | 		$settings.onShow($activeTab, $navigation, obj.nextIndex());
238 | 	}
239 | 
240 | 	$('a[data-toggle="tab"]', $navigation).on('click', innerTabClick);
241 | 
242 | 	// attach to both shown and shown.bs.tab to support Bootstrap versions 2.3.2 and 3.0.0
243 | 	$('a[data-toggle="tab"]', $navigation).on('shown shown.bs.tab', innerTabShown);
244 | };
245 | $.fn.bootstrapWizard = function(options) {
246 | 	//expose methods
247 | 	if (typeof options == 'string') {
248 | 		var args = Array.prototype.slice.call(arguments, 1)
249 | 		if(args.length === 1) {
250 | 			args.toString();
251 | 		}
252 | 		return this.data('bootstrapWizard')[options](args);
253 | 	}
254 | 	return this.each(function(index){
255 | 		var element = $(this);
256 | 		// Return early if this element already has a plugin instance
257 | 		if (element.data('bootstrapWizard')) return;
258 | 		// pass options to plugin constructor
259 | 		var wizard = new bootstrapWizardCreate(element, options);
260 | 		// Store plugin object in this element's data
261 | 		element.data('bootstrapWizard', wizard);
262 | 		// and then trigger initial change
263 | 		wizard.fixNavigationButtons();
264 | 	});
265 | };
266 | 
267 | // expose options
268 | $.fn.bootstrapWizard.defaults = {
269 | 	tabClass:         'nav nav-pills',
270 | 	nextSelector:     '.wizard li.next',
271 | 	previousSelector: '.wizard li.previous',
272 | 	firstSelector:    '.wizard li.first',
273 | 	lastSelector:     '.wizard li.last',
274 | 	onShow:           null,
275 | 	onInit:           null,
276 | 	onNext:           null,
277 | 	onPrevious:       null,
278 | 	onLast:           null,
279 | 	onFirst:          null,
280 | 	onTabChange:      null,
281 | 	onTabClick:       null,
282 | 	onTabShow:        null
283 | };
284 | 
285 | })(jQuery);
286 | 
287 | 
288 | //  Material Design Core Functions
289 | 
290 |  !function(t){function o(t){return"undefined"==typeof t.which?!0:"number"==typeof t.which&&t.which>0?!t.ctrlKey&&!t.metaKey&&!t.altKey&&8!=t.which&&9!=t.which&&13!=t.which&&16!=t.which&&17!=t.which&&20!=t.which&&27!=t.which:!1}function i(o){var i=t(o);i.prop("disabled")||i.closest(".form-group").addClass("is-focused")}function n(o){o.closest("label").hover(function(){var o=t(this).find("input");o.prop("disabled")||i(o)},function(){e(t(this).find("input"))})}function e(o){t(o).closest(".form-group").removeClass("is-focused")}t.expr[":"].notmdproc=function(o){return t(o).data("mdproc")?!1:!0},t.material={options:{validate:!0,input:!0,ripples:!0,checkbox:!0,togglebutton:!0,radio:!0,arrive:!0,autofill:!1,withRipples:[".btn:not(.btn-link)",".card-image",".navbar a:not(.withoutripple)",".footer a:not(.withoutripple)",".dropdown-menu a",".nav-tabs a:not(.withoutripple)",".withripple",".pagination li:not(.active):not(.disabled) a:not(.withoutripple)"].join(","),inputElements:"input.form-control, textarea.form-control, select.form-control",checkboxElements:".checkbox > label > input[type=checkbox]",togglebuttonElements:".togglebutton > label > input[type=checkbox]",radioElements:".radio > label > input[type=radio]"},checkbox:function(o){var i=t(o?o:this.options.checkboxElements).filter(":notmdproc").data("mdproc",!0).after("<span class='checkbox-material'><span class='check'></span></span>");n(i)},togglebutton:function(o){var i=t(o?o:this.options.togglebuttonElements).filter(":notmdproc").data("mdproc",!0).after("<span class='toggle'></span>");n(i)},radio:function(o){var i=t(o?o:this.options.radioElements).filter(":notmdproc").data("mdproc",!0).after("<span class='circle'></span><span class='check'></span>");n(i)},input:function(o){t(o?o:this.options.inputElements).filter(":notmdproc").data("mdproc",!0).each(function(){var o=t(this),i=o.closest(".form-group");0===i.length&&(o.wrap("<div class='form-group'></div>"),i=o.closest(".form-group")),o.attr("data-hint")&&(o.after("<p class='help-block'>"+o.attr("data-hint")+"</p>"),o.removeAttr("data-hint"));var n={"input-lg":"form-group-lg","input-sm":"form-group-sm"};if(t.each(n,function(t,n){o.hasClass(t)&&(o.removeClass(t),i.addClass(n))}),o.hasClass("floating-label")){var e=o.attr("placeholder");o.attr("placeholder",null).removeClass("floating-label");var a=o.attr("id"),r="";a&&(r="for='"+a+"'"),i.addClass("label-floating"),o.after("<label "+r+"class='control-label'>"+e+"</label>")}(null===o.val()||"undefined"==o.val()||""===o.val())&&i.addClass("is-empty"),i.append("<span class='material-input'></span>"),i.find("input[type=file]").length>0&&i.addClass("is-fileinput")})},attachInputEventHandlers:function(){var n=this.options.validate;t(document).on("change",".checkbox input[type=checkbox]",function(){t(this).blur()}).on("keydown paste",".form-control",function(i){o(i)&&t(this).closest(".form-group").removeClass("is-empty")}).on("keyup change",".form-control",function(){var o=t(this),i=o.closest(".form-group"),e="undefined"==typeof o[0].checkValidity||o[0].checkValidity();""===o.val()?i.addClass("is-empty"):i.removeClass("is-empty"),n&&(e?i.removeClass("has-error"):i.addClass("has-error"))}).on("focus",".form-control, .form-group.is-fileinput",function(){i(this)}).on("blur",".form-control, .form-group.is-fileinput",function(){e(this)}).on("change",".form-group input",function(){var o=t(this);if("file"!=o.attr("type")){var i=o.closest(".form-group"),n=o.val();n?i.removeClass("is-empty"):i.addClass("is-empty")}}).on("change",".form-group.is-fileinput input[type='file']",function(){var o=t(this),i=o.closest(".form-group"),n="";t.each(this.files,function(t,o){n+=o.name+", "}),n=n.substring(0,n.length-2),n?i.removeClass("is-empty"):i.addClass("is-empty"),i.find("input.form-control[readonly]").val(n)})},ripples:function(o){t(o?o:this.options.withRipples).ripples()},autofill:function(){var o=setInterval(function(){t("input[type!=checkbox]").each(function(){var o=t(this);o.val()&&o.val()!==o.attr("value")&&o.trigger("change")})},100);setTimeout(function(){clearInterval(o)},1e4)},attachAutofillEventHandlers:function(){var o;t(document).on("focus","input",function(){var i=t(this).parents("form").find("input").not("[type=file]");o=setInterval(function(){i.each(function(){var o=t(this);o.val()!==o.attr("value")&&o.trigger("change")})},100)}).on("blur",".form-group input",function(){clearInterval(o)})},init:function(o){this.options=t.extend({},this.options,o);var i=t(document);t.fn.ripples&&this.options.ripples&&this.ripples(),this.options.input&&(this.input(),this.attachInputEventHandlers()),this.options.checkbox&&this.checkbox(),this.options.togglebutton&&this.togglebutton(),this.options.radio&&this.radio(),this.options.autofill&&(this.autofill(),this.attachAutofillEventHandlers()),document.arrive&&this.options.arrive&&(t.fn.ripples&&this.options.ripples&&i.arrive(this.options.withRipples,function(){t.material.ripples(t(this))}),this.options.input&&i.arrive(this.options.inputElements,function(){t.material.input(t(this))}),this.options.checkbox&&i.arrive(this.options.checkboxElements,function(){t.material.checkbox(t(this))}),this.options.radio&&i.arrive(this.options.radioElements,function(){t.material.radio(t(this))}),this.options.togglebutton&&i.arrive(this.options.togglebuttonElements,function(){t.material.togglebutton(t(this))}))}}}(jQuery),function(t,o,i,n){"use strict";function e(o,i){r=this,this.element=t(o),this.options=t.extend({},s,i),this._defaults=s,this._name=a,this.init()}var a="ripples",r=null,s={};e.prototype.init=function(){var i=this.element;i.on("mousedown touchstart",function(n){if(!r.isTouch()||"mousedown"!==n.type){i.find(".ripple-container").length||i.append('<div class="ripple-container"></div>');var e=i.children(".ripple-container"),a=r.getRelY(e,n),s=r.getRelX(e,n);if(a||s){var l=r.getRipplesColor(i),p=t("<div></div>");p.addClass("ripple").css({left:s,top:a,"background-color":l}),e.append(p),function(){return o.getComputedStyle(p[0]).opacity}(),r.rippleOn(i,p),setTimeout(function(){r.rippleEnd(p)},500),i.on("mouseup mouseleave touchend",function(){p.data("mousedown","off"),"off"===p.data("animating")&&r.rippleOut(p)})}}})},e.prototype.getNewSize=function(t,o){return Math.max(t.outerWidth(),t.outerHeight())/o.outerWidth()*2.5},e.prototype.getRelX=function(t,o){var i=t.offset();return r.isTouch()?(o=o.originalEvent,1===o.touches.length?o.touches[0].pageX-i.left:!1):o.pageX-i.left},e.prototype.getRelY=function(t,o){var i=t.offset();return r.isTouch()?(o=o.originalEvent,1===o.touches.length?o.touches[0].pageY-i.top:!1):o.pageY-i.top},e.prototype.getRipplesColor=function(t){var i=t.data("ripple-color")?t.data("ripple-color"):o.getComputedStyle(t[0]).color;return i},e.prototype.hasTransitionSupport=function(){var t=i.body||i.documentElement,o=t.style,e=o.transition!==n||o.WebkitTransition!==n||o.MozTransition!==n||o.MsTransition!==n||o.OTransition!==n;return e},e.prototype.isTouch=function(){return/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent)},e.prototype.rippleEnd=function(t){t.data("animating","off"),"off"===t.data("mousedown")&&r.rippleOut(t)},e.prototype.rippleOut=function(t){t.off(),r.hasTransitionSupport()?t.addClass("ripple-out"):t.animate({opacity:0},100,function(){t.trigger("transitionend")}),t.on("transitionend webkitTransitionEnd oTransitionEnd MSTransitionEnd",function(){t.remove()})},e.prototype.rippleOn=function(t,o){var i=r.getNewSize(t,o);r.hasTransitionSupport()?o.css({"-ms-transform":"scale("+i+")","-moz-transform":"scale("+i+")","-webkit-transform":"scale("+i+")",transform:"scale("+i+")"}).addClass("ripple-on").data("animating","on").data("mousedown","on"):o.animate({width:2*Math.max(t.outerWidth(),t.outerHeight()),height:2*Math.max(t.outerWidth(),t.outerHeight()),"margin-left":-1*Math.max(t.outerWidth(),t.outerHeight()),"margin-top":-1*Math.max(t.outerWidth(),t.outerHeight()),opacity:.2},500,function(){o.trigger("transitionend")})},t.fn.ripples=function(o){return this.each(function(){t.data(this,"plugin_"+a)||t.data(this,"plugin_"+a,new e(this,o))})}}(jQuery,window,document);
291 | 


--------------------------------------------------------------------------------
/python_xxe/static/js/material-bootstrap-wizard.js:
--------------------------------------------------------------------------------
  1 | /*!
  2 | 
  3 |  =========================================================
  4 |  * Material Bootstrap Wizard - v1.0.2
  5 |  =========================================================
  6 |  
  7 |  * Product Page: https://www.creative-tim.com/product/material-bootstrap-wizard
  8 |  * Copyright 2017 Creative Tim (#)
  9 |  * Licensed under MIT (https://github.com/creativetimofficial/material-bootstrap-wizard/blob/master/LICENSE.md)
 10 |  
 11 |  =========================================================
 12 |  
 13 |  * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 14 |  */
 15 | 
 16 | // Material Bootstrap Wizard Functions
 17 | 
 18 | var searchVisible = 0;
 19 | var transparent = true;
 20 | var mobile_device = false;
 21 | 
 22 | $(document).ready(function(){
 23 | 
 24 |     $.material.init();
 25 | 
 26 |     /*  Activate the tooltips      */
 27 |     $('[rel="tooltip"]').tooltip();
 28 | 
 29 |     // Code for the Validator
 30 |     var $validator = $('.wizard-card form').validate({
 31 | 		  rules: {
 32 | 		    firstname: {
 33 | 		      required: true,
 34 | 		      minlength: 3
 35 | 		    },
 36 | 		    lastname: {
 37 | 		      required: true,
 38 | 		      minlength: 3
 39 | 		    },
 40 | 		    email: {
 41 | 		      required: true,
 42 | 		      minlength: 3,
 43 | 		    }
 44 |         },
 45 | 
 46 |         errorPlacement: function(error, element) {
 47 |             $(element).parent('div').addClass('has-error');
 48 |          }
 49 | 	});
 50 | 
 51 |     // Wizard Initialization
 52 |   	$('.wizard-card').bootstrapWizard({
 53 |         'tabClass': 'nav nav-pills',
 54 |         'nextSelector': '.btn-next',
 55 |         'previousSelector': '.btn-previous',
 56 | 
 57 |         onNext: function(tab, navigation, index) {
 58 |         	var $valid = $('.wizard-card form').valid();
 59 |         	if(!$valid) {
 60 |         		$validator.focusInvalid();
 61 |         		return false;
 62 |         	}
 63 |         },
 64 | 
 65 |         onInit : function(tab, navigation, index){
 66 |             //check number of tabs and fill the entire row
 67 |             var $total = navigation.find('li').length;
 68 |             var $wizard = navigation.closest('.wizard-card');
 69 | 
 70 |             $first_li = navigation.find('li:first-child a').html();
 71 |             $moving_div = $('<div class="moving-tab">' + $first_li + '</div>');
 72 |             $('.wizard-card .wizard-navigation').append($moving_div);
 73 | 
 74 |             refreshAnimation($wizard, index);
 75 | 
 76 |             $('.moving-tab').css('transition','transform 0s');
 77 |        },
 78 | 
 79 |         onTabClick : function(tab, navigation, index){
 80 |             var $valid = $('.wizard-card form').valid();
 81 | 
 82 |             if(!$valid){
 83 |                 return false;
 84 |             } else{
 85 |                 return true;
 86 |             }
 87 |         },
 88 | 
 89 |         onTabShow: function(tab, navigation, index) {
 90 |             var $total = navigation.find('li').length;
 91 |             var $current = index+1;
 92 | 
 93 |             var $wizard = navigation.closest('.wizard-card');
 94 | 
 95 |             // If it's the last tab then hide the last button and show the finish instead
 96 |             if($current >= $total) {
 97 |                 $($wizard).find('.btn-next').hide();
 98 |                 $($wizard).find('.btn-finish').show();
 99 |             } else {
100 |                 $($wizard).find('.btn-next').show();
101 |                 $($wizard).find('.btn-finish').hide();
102 |             }
103 | 
104 |             button_text = navigation.find('li:nth-child(' + $current + ') a').html();
105 | 
106 |             setTimeout(function(){
107 |                 $('.moving-tab').text(button_text);
108 |             }, 150);
109 | 
110 |             var checkbox = $('.footer-checkbox');
111 | 
112 |             if( !index == 0 ){
113 |                 $(checkbox).css({
114 |                     'opacity':'0',
115 |                     'visibility':'hidden',
116 |                     'position':'absolute'
117 |                 });
118 |             } else {
119 |                 $(checkbox).css({
120 |                     'opacity':'1',
121 |                     'visibility':'visible'
122 |                 });
123 |             }
124 | 
125 |             refreshAnimation($wizard, index);
126 |         }
127 |   	});
128 | 
129 | 
130 |     // Prepare the preview for profile picture
131 |     $("#wizard-picture").change(function(){
132 |         readURL(this);
133 |     });
134 | 
135 |     $('[data-toggle="wizard-radio"]').click(function(){
136 |         wizard = $(this).closest('.wizard-card');
137 |         wizard.find('[data-toggle="wizard-radio"]').removeClass('active');
138 |         $(this).addClass('active');
139 |         $(wizard).find('[type="radio"]').removeAttr('checked');
140 |         $(this).find('[type="radio"]').attr('checked','true');
141 |     });
142 | 
143 |     $('[data-toggle="wizard-checkbox"]').click(function(){
144 |         if( $(this).hasClass('active')){
145 |             $(this).removeClass('active');
146 |             $(this).find('[type="checkbox"]').removeAttr('checked');
147 |         } else {
148 |             $(this).addClass('active');
149 |             $(this).find('[type="checkbox"]').attr('checked','true');
150 |         }
151 |     });
152 | 
153 |     $('.set-full-height').css('height', 'auto');
154 | 
155 | });
156 | 
157 | 
158 | 
159 |  //Function to show image before upload
160 | 
161 | function readURL(input) {
162 |     if (input.files && input.files[0]) {
163 |         var reader = new FileReader();
164 | 
165 |         reader.onload = function (e) {
166 |             $('#wizardPicturePreview').attr('src', e.target.result).fadeIn('slow');
167 |         }
168 |         reader.readAsDataURL(input.files[0]);
169 |     }
170 | }
171 | 
172 | $(window).resize(function(){
173 |     $('.wizard-card').each(function(){
174 |         $wizard = $(this);
175 | 
176 |         index = $wizard.bootstrapWizard('currentIndex');
177 |         refreshAnimation($wizard, index);
178 | 
179 |         $('.moving-tab').css({
180 |             'transition': 'transform 0s'
181 |         });
182 |     });
183 | });
184 | 
185 | function refreshAnimation($wizard, index){
186 |     $total = $wizard.find('.nav li').length;
187 |     $li_width = 100/$total;
188 | 
189 |     total_steps = $wizard.find('.nav li').length;
190 |     move_distance = $wizard.width() / total_steps;
191 |     index_temp = index;
192 |     vertical_level = 0;
193 | 
194 |     mobile_device = $(document).width() < 600 && $total > 3;
195 | 
196 |     if(mobile_device){
197 |         move_distance = $wizard.width() / 2;
198 |         index_temp = index % 2;
199 |         $li_width = 50;
200 |     }
201 | 
202 |     $wizard.find('.nav li').css('width',$li_width + '%');
203 | 
204 |     step_width = move_distance;
205 |     move_distance = move_distance * index_temp;
206 | 
207 |     $current = index + 1;
208 | 
209 |     if($current == 1 || (mobile_device == true && (index % 2 == 0) )){
210 |         move_distance -= 8;
211 |     } else if($current == total_steps || (mobile_device == true && (index % 2 == 1))){
212 |         move_distance += 8;
213 |     }
214 | 
215 |     if(mobile_device){
216 |         vertical_level = parseInt(index / 2);
217 |         vertical_level = vertical_level * 38;
218 |     }
219 | 
220 |     $wizard.find('.moving-tab').css('width', step_width);
221 |     $('.moving-tab').css({
222 |         'transform':'translate3d(' + move_distance + 'px, ' + vertical_level +  'px, 0)',
223 |         'transition': 'all 0.5s cubic-bezier(0.29, 1.42, 0.79, 1)'
224 | 
225 |     });
226 | }
227 | 
228 | materialDesign = {
229 | 
230 |     checkScrollForTransparentNavbar: debounce(function() {
231 |                 if($(document).scrollTop() > 260 ) {
232 |                     if(transparent) {
233 |                         transparent = false;
234 |                         $('.navbar-color-on-scroll').removeClass('navbar-transparent');
235 |                     }
236 |                 } else {
237 |                     if( !transparent ) {
238 |                         transparent = true;
239 |                         $('.navbar-color-on-scroll').addClass('navbar-transparent');
240 |                     }
241 |                 }
242 |         }, 17)
243 | 
244 | }
245 | 
246 | function debounce(func, wait, immediate) {
247 | 	var timeout;
248 | 	return function() {
249 | 		var context = this, args = arguments;
250 | 		clearTimeout(timeout);
251 | 		timeout = setTimeout(function() {
252 | 			timeout = null;
253 | 			if (!immediate) func.apply(context, args);
254 | 		}, wait);
255 | 		if (immediate && !timeout) func.apply(context, args);
256 | 	};
257 | };
258 | 


--------------------------------------------------------------------------------
/python_xxe/templates/index.html:
--------------------------------------------------------------------------------
  1 | <!doctype html>
  2 | <html lang="en">
  3 | <head>
  4 | 	<meta charset="utf-8" />
  5 | 	<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
  6 | 	<link rel="shortcut icon" href="static/img/favicon.png" type="image/x-icon">
  7 | 
  8 | 	<title>XXE-Lab</title>
  9 | 
 10 | 	<meta content='width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0' name='viewport' />
 11 |     <meta name="viewport" content="width=device-width" />
 12 | 
 13 | 	<link rel="stylesheet" type="text/css" href="static/css/font.css" />
 14 | 	<link href="static/css/bootstrap.min.css" rel="stylesheet" />
 15 | 	<link href="static/css/material-bootstrap-wizard.css" rel="stylesheet" />
 16 | </head>
 17 | 
 18 | <body>
 19 | 	<div class="image-container set-full-height" style="background-color: #272822;">
 20 | 	    <!--   Creative Tim Branding   -->
 21 | 	    <!--   Big container   -->
 22 | 	    <div class="container" style="width: 970px;">
 23 | 	        <div class="row">
 24 | 		        <div class="col-sm-8 col-sm-offset-2">
 25 | 		            <!--      Wizard container        -->
 26 | 		            <div class="wizard-container">
 27 | 		                <div class="card wizard-card" data-color="green" id="wizardProfile">
 28 | 		                    <form>
 29 | 		                    	<div class="wizard-header">
 30 | 		                        	<h3 class="wizard-title">
 31 | 		                        	   <a href="http://github.com/c0ny1/xxe-lab">XXE-Lab for Python</a>
 32 | 		                        	</h3>
 33 | 									<img src="static/img/python_logo.png">
 34 | 		                    	</div>
 35 | 								<div class="wizard-navigation">
 36 | 									<ul>
 37 | 			                            <li><a href="#about" data-toggle="tab">tips:</a></li>
 38 | 			                            <li><a href="javascript:void(0)" ><span style="color:red;" class="msg"></span></a></li>
 39 | 										<li><a href="javascript:void(0)"></a></li>
 40 | 			                        </ul>
 41 | 								</div>
 42 | 
 43 | 		                        <div class="tab-content">
 44 | 		                            <div class="tab-pane" id="about">
 45 | 		                              <div class="row">
 46 | 		                                	<div class="col-sm-6">
 47 | 												<div class="input-group" style="margin-left: 30%;">
 48 | 													<span class="input-group-addon">
 49 | 														<i class="iconfont icon-icon30" style="font-size:25px;"></i>
 50 | 													</span>
 51 | 													<div class="form-group label-floating">
 52 | 			                                          <label class="control-label">UserName</label>
 53 | 			                                          <input id="username" name="username" style="width: 200%;" type="text" class="form-control">
 54 | 			                                        </div>
 55 | 												</div>
 56 | 												<div class="input-group" style="margin-left: 30%;">
 57 | 													<span class="input-group-addon">
 58 | 														<i class="iconfont icon-mima" style="font-size:25px;"></i>
 59 | 													</span>
 60 | 													<div class="form-group label-floating">
 61 | 													  <label class="control-label">Password</label>
 62 | 													  <input id="password" name="password" style="width: 200%;" type="password" class="form-control">
 63 | 													</div>
 64 | 												</div>
 65 | 		                                	</div>
 66 | 		                            	</div>
 67 | 		                            </div>
 68 | 		                            
 69 | 		                            
 70 | 		                        </div>
 71 | 		                        <div class="wizard-footer">
 72 | 		                            <div class="pull-right">
 73 | 		                                <input type='button' class='btn btn-fill btn-success btn-wd' name='next' value='login' onclick="javascript:doLogin()" />
 74 | 		                            </div>
 75 | 
 76 | 		                            <div class="clearfix"></div>
 77 | 		                        </div>
 78 | 		                    </form>
 79 | 		                </div>
 80 | 		            </div> <!-- wizard container -->
 81 | 		        </div>
 82 | 	        </div><!-- end row -->
 83 | 	    </div> <!--  big container -->
 84 | 
 85 | 	    <div class="footer">
 86 | 	        <div class="container text-center">
 87 | 	             Copyright By <a href="http://gv7.me">c0ny1</a>
 88 | 	        </div>
 89 | 	    </div>
 90 | 	</div>
 91 | </body>
 92 | <!--   Core JS Files   -->
 93 | <script src="static/js/jquery-2.2.4.min.js" type="text/javascript"></script>
 94 | <script src="static/js/bootstrap.min.js" type="text/javascript"></script>
 95 | <script src="static/js/jquery.bootstrap.js" type="text/javascript"></script>
 96 | 
 97 | <!--  Plugin for the Wizard -->
 98 | <script src="static/js/material-bootstrap-wizard.js"></script>
 99 | 
100 | <script src="static/js/jquery.validate.min.js"></script>
101 | <script type='text/javascript'> 
102 | function doLogin(){
103 | 	var username = $("#username").val();
104 | 	var password = $("#password").val();
105 | 	if(username == "" || password == ""){
106 | 		alert("Please enter the username and password!");
107 | 		return;
108 | 	}
109 | 	
110 | 	var data = "<user><username>" + username + "</username><password>" + password + "</password></user>"; 
111 |     $.ajax({
112 |         type: "POST",
113 |         url: "doLogin",
114 |         contentType: "application/xml;charset=utf-8",
115 |         data: data,
116 |         dataType: "xml",
117 |         anysc: false,
118 |         success: function (result) {
119 |         	var code = result.getElementsByTagName("code")[0].childNodes[0].nodeValue;
120 |         	var msg = result.getElementsByTagName("msg")[0].childNodes[0].nodeValue;
121 |         	if(code == "0"){
122 |         		$(".msg").text(msg + " login fail!");
123 |         	}else if(code == "1"){
124 |         		$(".msg").text(msg + " login success!");
125 |         	}else{
126 |         		$(".msg").text("error:" + msg);
127 |         	}
128 |         },
129 |         error: function (XMLHttpRequest,textStatus,errorThrown) {
130 |             $(".msg").text(errorThrown + ':' + textStatus);
131 |         }
132 |     }); 
133 | }
134 | </script>
135 | </html>
136 | 


--------------------------------------------------------------------------------
/python_xxe/xxe.py:
--------------------------------------------------------------------------------
 1 | #coding=utf-8
 2 | 
 3 | '''
 4 | autor: c0ny1 and NNanfeng
 5 | date: 2022-11-17
 6 | '''
 7 | 
 8 | from flask import Flask, request, url_for, render_template, redirect
 9 | from xml.dom import minidom
10 | 
11 | app = Flask(__name__)
12 | app.config['DEBUG'] = True
13 | 
14 | USERNAME = 'admin' # 账号
15 | PASSWORD = 'admin' # 密码
16 | 
17 | @app.route("/")
18 | def home():
19 |     return render_template("index.html")
20 | 
21 | @app.route("/doLogin", methods=['POST', 'GET'])
22 | def doLogin():
23 |     result = None
24 |     try:
25 |         DOMTree = minidom.parseString(request.data)
26 |         username = DOMTree.getElementsByTagName("username")
27 |         username = username[0].childNodes[0].nodeValue
28 |         password = DOMTree.getElementsByTagName("password")
29 |         password = password[0].childNodes[0].nodeValue
30 |     
31 |         if username == USERNAME and password == PASSWORD:
32 |             result = "<result><code>%d</code><msg>%s</msg></result>" % (1,username)
33 |         else:
34 |             result = "<result><code>%d</code><msg>%s</msg></result>" % (0,username)
35 |     except Exception as e:
36 |         result = "<result><code>%d</code><msg>%s</msg></result>" % (3,e.message)
37 | 	
38 |     return result,{'Content-Type': 'text/xml;charset=UTF-8'}
39 | 
40 | def prn_obj(obj):
41 |     print ('\n'.join(['%s:%s' % item for item in obj.__dict__.items()]))
42 | 
43 | if __name__ == "__main__":
44 |     app.run()
45 | 	
46 | 
47 | 
48 | 


--------------------------------------------------------------------------------