#XXE
https://spaceraccoon.dev/a-tale-of-two-formats-exploiting-insecure-xml-and-zip-file-parsers-to-create-a
https://0xatul.github.io/posts/2020/02/external-xml-entity-via-file-upload-svg/
https://mahmoudsec.blogspot.com/2019/08/exploiting-out-of-band-xxe-using.html
https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/
https://honoki.net/2018/12/12/from-blind-xxe-to-root-level-file-read-access
https://corben.io/XSS-to-XXE-in-Prince/
https://medium.com/@zain.sabahat/an-interesting-xxe-in-sap-8b35fec6ef33
https://medium.com/@mrnikhilsri/oob-xxe-in-prizmdoc-cve-2018-15805-dfb1e474345c
https://blog.netspi.com/xxe-in-ibms-maas360-platform
https://r00thunt.com/2018/10/05/blind-xml-external-entities-out-of-band-channel-vulnerability-paypal-case-study
#bugbountytips,#bugbounty
https://spaceraccoon.dev/a-tale-of-two-formats-exploiting-insecure-xml-and-zip-file-parsers-to-create-a
https://0xatul.github.io/posts/2020/02/external-xml-entity-via-file-upload-svg/
https://mahmoudsec.blogspot.com/2019/08/exploiting-out-of-band-xxe-using.html
https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/
https://honoki.net/2018/12/12/from-blind-xxe-to-root-level-file-read-access
https://corben.io/XSS-to-XXE-in-Prince/
https://medium.com/@zain.sabahat/an-interesting-xxe-in-sap-8b35fec6ef33
https://medium.com/@mrnikhilsri/oob-xxe-in-prizmdoc-cve-2018-15805-dfb1e474345c
https://blog.netspi.com/xxe-in-ibms-maas360-platform
https://r00thunt.com/2018/10/05/blind-xml-external-entities-out-of-band-channel-vulnerability-paypal-case-study
#bugbountytips,#bugbounty
spaceraccoon.dev
A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell
While researching a bug bounty target, I came across a web application that processed a custom file type which was actually just a ZIP file that contains an XML that functions as a manifest. If handled naively, this packaging pattern creates additional security…
#XXE
https://spaceraccoon.dev/a-tale-of-two-formats-exploiting-insecure-xml-and-zip-file-parsers-to-create-a
https://0xatul.github.io/posts/2020/02/external-xml-entity-via-file-upload-svg/
https://mahmoudsec.blogspot.com/2019/08/exploiting-out-of-band-xxe-using.html
https://github.com/setuid0-sec/Swiss_E-Voting_Publications/blob/master/xxe_setuid0.pdf
https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/
https://honoki.net/2018/12/12/from-blind-xxe-to-root-level-file-read-access/
https://corben.io/XSS-to-XXE-in-Prince/
https://medium.com/@zain.sabahat/an-interesting-xxe-in-sap-8b35fec6ef33
#bugbounty,#bugbountytips
https://spaceraccoon.dev/a-tale-of-two-formats-exploiting-insecure-xml-and-zip-file-parsers-to-create-a
https://0xatul.github.io/posts/2020/02/external-xml-entity-via-file-upload-svg/
https://mahmoudsec.blogspot.com/2019/08/exploiting-out-of-band-xxe-using.html
https://github.com/setuid0-sec/Swiss_E-Voting_Publications/blob/master/xxe_setuid0.pdf
https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/
https://honoki.net/2018/12/12/from-blind-xxe-to-root-level-file-read-access/
https://corben.io/XSS-to-XXE-in-Prince/
https://medium.com/@zain.sabahat/an-interesting-xxe-in-sap-8b35fec6ef33
#bugbounty,#bugbountytips
spaceraccoon.dev
A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell
While researching a bug bounty target, I came across a web application that processed a custom file type which was actually just a ZIP file that contains an XML that functions as a manifest. If handled naively, this packaging pattern creates additional security…