-
XML External Entity
#XXE resources: https://web-in-security.blogspot.com/2016/03/xxe-cheat-sheet.html … + https://github.com/enjoiz/XXEinjector … + https://github.com/staaldraad/xxeserv … + https://github.com/BuffaloWill/oxml_xxe … + https://github.com/GDSSecurity/xxe-recursive-download … + https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XXE%20injection … + https://isc.sans.edu/diary/Blindly+confirming+XXE/19257 … + https://vsecurity.com//download/papers/XMLDTDEntityAttacks.pdf … +https://www.slideshare.net/ssuserf09cba/xxe-how-to-become-a-jedi …Prikaži ovu nit -
This little technique can force your blind
#XXE to output anything you want! https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/ … pic.twitter.com/JDC31VIJoC
-
Exploiting Apache Solr through OpenCMS
#exploit#XXE https://www.shielder.it/blog/exploit-apache-solr-through-opencms/ … -
I just published “XXE on Windows system …then what ??” https://medium.com/@canavaroxum/xxe-on-windows-system-then-what-76d571d66745 …
#XXE cc@topotam77 -
If you find powerful OXML XXE tool? it's "DOCEM" https://ift.tt/2obRlk1 New post by
#hahwul#BugBounty,#BugBountyTips,#Docem,#Hacking,#OXML_XXE,#WebHacking,#XXE,#XXS -
Slides from my talk on "XML External Entity (
#XXE) Attacks" presented at the August@Nullblr and@OWASPBangalore monthly meet on 18th August 2018. https://riyazwalikar.github.io/xxe-talk-null/ -
A Deep Dive into
#XXE Injection https://www.synack.com/blog/a-deep-dive-into-xxe-injection/ … -
#XXE that can Bypass WAF Protection https://lab.wallarm.com/xxe-that-can-bypass-waf-protection-98f679452ce0 … -
https://blog.zsec.uk/blind-xxe-learning/ … a bit of a late night but I finished my
#XXE post, it's nothing new but it was fun to try out and play with#PenTest -
Instead of using SSRF to peer inside a local network, I used an internal vulnerable server to proxy out traffic to the internet to turn my blind XXE into root-level file read access. Read my write-up on https://www.honoki.net/2018/12/from-blind-xxe-to-root-level-file-read-access/ …
#bugbounty#ssrf#XXE pic.twitter.com/4kDGmsAHPO
-
Exploiting XXE with local DTDs has never been easier with this new tool that will find local DTDs for you and generate payload stubs! https://hubs.ly/H0jPPCs0 Tool and article by
@h3xstream#xxe#tool#automation#appsec#pentest -
How to bypass WAFs with a multi-encoded document https://mohemiv.com/all/evil-xml/
#wafbypass#xxe pic.twitter.com/HI6N3hGbt6
-
Stealing
#NetNTLM hashes via#XXE Read more: http://wp.me/p3N54q-Bl pic.twitter.com/DP1cMVkZO2
-
#XXE List of most frequently seen MS XML Parser Errors from Fuzzing .. add to Intruder for regex + error matching. https://github.com/xsscx/Commodity-Injection-Signatures/blob/master/xml/ms-xml-parser-errors-in-http-responses.txt …pic.twitter.com/1gM2J2jlnm
Prikaži ovu nit -
#XXE Smoke Test for Windows Servers: <!DOCTYPE x [<!ENTITY f SYSTEM ".">]><y><z>&f;</z></y> .. Match on: Access to the path .. denied pic.twitter.com/aRNCIFCS5r
Prikaži ovu nit -
Blogged about a
#XXE found in several#bugbounty programshttps://link.medium.com/GWMjJ4F7NR -
HP Project
#XXE#zeroday. Risks? Data leaks, DoS attacks, server-side request forgery, etc. @rhinosecuritylabs:http://bit.ly/2CdlDsb -
#Serverless#toolkit for Pentesters: https://blog.ropnop.com/serverless-toolkit-for-pentesters/ …#infosec#hacking#redteam#pentesting or maybe#bugbounty when needed for OOB#XXE#SSRF -
Do you know what to do when you see XML, test for XXE! Its in the OWASP top 10 if you dont know how to exploit it learn it now and get those easy wins. More info on my blog: https://medium.com/@ghostlulzhacks/xml-external-entity-xxe-62bcd1555b7b?postPublishedType=initial …
#BugBounty#BugBountyTip#bugbountytips#xml#redteam#infosec#xxe#osint
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.