From 8847706138aa3f012981b09d7af45559ce7d8574 Mon Sep 17 00:00:00 2001 From: Alexandre ZANNI <16578570+noraj@users.noreply.github.com> Date: Mon, 16 Mar 2026 11:49:21 +0100 Subject: [PATCH] XXE zip recompression tips --- XXE Injection/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/XXE Injection/README.md b/XXE Injection/README.md index cb7d559f..4598997d 100644 --- a/XXE Injection/README.md +++ b/XXE Injection/README.md @@ -591,7 +591,7 @@ cd XXE zip -r -u ../xxe.xlsx * ``` -Warning: Use `zip -u` () and not `7z u` / `7za u` () or `7zz` () because they won't recompress it the same way and many Excel parsing libraries will fail to recognize it as a valid Excel file. A valid magic byte signature with (`file XXE.xlsx`) will be shown as `Microsoft Excel 2007+` (with `zip -u`) and an invalid one will be shown as `Microsoft OOXML`. +Warning: Use `zip -u` () and not `7z u` / `7za u` () or `7zz` () because they won't recompress it the same way and many Excel parsing libraries will fail to recognize it as a valid Excel file. A valid magic byte signature with (`file XXE.xlsx`) will be shown as `Microsoft Excel 2007+` (with `zip -u`) and an invalid one will be shown as `Microsoft OOXML`. Alternatively, with 7z you can specify the correct compression algorithm with: `7z a -tzip` to get the correct signature. Add your blind XXE payload inside `xl/workbook.xml`.
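Review bot: In the added sentence of the `-Warning`/`+Warning` hunk, `-tzip` selects the archive type (the ZIP container format), not a "compression algorithm", and the command as written is incomplete: it has no archive name or file list, so a reader cannot tell how it maps onto the `zip -r -u ../xxe.xlsx *` line just above. Suggest "Alternatively, 7z can produce the correct archive format with `7z a -tzip ../xxe.xlsx *` (run from inside the `XXE` directory), which also yields the `Microsoft Excel 2007+` signature." While touching this line, the empty parentheses after `zip -u`, `7z u` / `7za u` and `7zz` look like links that lost their targets; either restore the links or drop the `()`.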