<?php $me = __FILE__; $xml = <<<ENDOFXML <!DOCTYPE root [ <!ENTITY foo SYSTEM "php://filter/convert.base64-encode/resource=$me"> ]> <foo>&foo;</foo> ENDOFXML; echo "libxml version: " . LIBXML_DOTTED_VERSION . "\n\n"; libxml_disable_entity_loader(); $s = simplexml_load_string($xml, null, LIBXML_NOENT); var_dump($s); echo "\n"; var_dump(base64_decode($s));
You have javascript disabled. You will not be able to edit any code.