CVE-2023-4357

This repository contains a functional exploit for CVE-2023-4357, a Chromium XXE vulnerability that allows local file theft via a single-file SVG payload. The exploit leverages a bypass in libxslt's handling of external entities when Chromium processes XSL stylesheets, enabling cross-domain file access.

The repository lacks actual exploit code and only provides setup instructions with a generic web server script. It references an external GitHub repository for details, which is a common tactic in suspicious repos.

The repository contains a PHP script that decodes a base64 string, which appears to be an XML payload, but lacks clear technical details or functional exploit code for CVE-2023-4357. The README is minimal and does not provide any meaningful analysis or context.

This repository contains a functional PoC for CVE-2023-4357, leveraging a malicious SVG file served via a local HTTP server to exploit a vulnerability in Chromium-based browsers. The script automates the launch of Chromium with the `--no-sandbox` flag to trigger the exploit.

This repository contains a functional PoC for CVE-2023-4357, a Chrome XXE vulnerability allowing arbitrary file reads. The server.js file sets up an Express server to serve malicious SVG and XSL files, demonstrating the exploit.

The repository claims to exploit CVE-2023-4357 but contains deceptive PHP code designed to steal SSH keys and system information via XXE and XSLT attacks, unrelated to the stated Chrome vulnerability.