Search results
  1. 13 Dec 2018

    This little technique can force your blind to output anything you want!

  2. 13 Apr 2019
  3. 18 May 2018

    I just published “XXE on Windows system …then what ??” cc

  4. 10 Aug 2017
  5. 28 Sep 2019

    If you find powerful OXML XXE tool? it's "DOCEM" New post by , , , , , , ,

  6. 19 Aug 2018

    Slides from my talk on "XML External Entity () Attacks" presented at the August and monthly meet on 18th August 2018.

  7. 24 Jul 2019
  8. 31 Jan 2019
  9. a bit of a late night but I finished my post, it's nothing new but it was fun to try out and play with

  10. 11 Dec 2018

    Instead of using SSRF to peer inside a local network, I used an internal vulnerable server to proxy out traffic to the internet to turn my blind XXE into root-level file read access. Read my write-up on

  11. 16 Jul 2019

    Exploiting XXE with local DTDs has never been easier with this new tool that will find local DTDs for you and generate payload stubs! Tool and article by

  12. 5 Feb 2018

    How to bypass WAFs with a multi-encoded document

  13. 4 Sep 2017

    List of most frequently seen MS XML Parser Errors from Fuzzing .. add to Intruder for regex + error matching.

    MS XML Parser Errors - Frequently Seen - Add to Burp Suite via regex match
  14. 4 Sep 2017

    Smoke Test for Windows Servers: <!DOCTYPE x [<!ENTITY f SYSTEM ".">]><y><z>&f;</z></y> .. Match on: Access to the path .. denied

    #XXE XML External Entity Injection Smoke Test. This is a simple test for XXE/SSRF for Windows Server
  15. 13 Nov 2018

    Blogged about a found in several programs

  16. HP Project . Risks? Data leaks, DoS attacks, server-side request forgery, etc. @rhinosecuritylabs:

  17. 28 Aug 2019
  18. 22 Jun 2019

    Do you know what to do when you see XML? Test for XXE! It's in the OWASP Top 10; if you don't know how to exploit it, learn it now and get those easy wins. More info on my blog:
