blog.zsec.uk
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2025-08-14.
| Date Added | Resource | Topic | Excerpt |
|---|---|---|---|
| 2025-08-14 | Leading the Blind to Light! - A Chain to RCE | RCE | The content titled "Leading the Blind to Light! - A Chain to RCE" suggests guiding individuals towards enlightenment or understanding, possibly related to a concept or process denoted by "RCE." The title implies a journey from darkness to illumination, symbolizing progress or insight. |
| 2025-08-14 | XXE - Things Are Getting Out of Band | XXE | The content appears to be about XXE (XML External Entity) attacks, specifically focusing on "out of band" techniques. This type of attack involves exploiting vulnerabilities in XML processors to access external resources or execute malicious actions. By utilizing out-of-band techniques, attackers can retrieve sensitive data or perform unauthorized operations without directly interacting with the application. This summary highlights the importance of understanding and mitigating XXE vulnerabilities to prevent unauthorized access and protect sensitive information. |
| 2025-08-14 | Hunting in the Dark - Blind XXE | XXE | The content titled "Hunting in the Dark - Blind XXE" likely discusses a cybersecurity topic related to Blind XXE (XML External Entity) attacks. Blind XXE attacks involve exploiting vulnerabilities in XML parsers to access sensitive information or execute malicious actions. The term "Hunting in the Dark" suggests a proactive approach to identifying and mitigating these attacks, indicating a focus on detecting vulnerabilities and threats that may not be immediately apparent. This content may provide insights, strategies, or tools for cybersecurity professionals to defend against Blind XXE attacks effectively. |
| 2023-04-13 | WebSockets are a Pain - A Journey in Learning and Leveraging | API Sec | WebSockets are a Pain - A Journey in Learning and Leveraging https://ift.tt/xhbmRj5 |
| 2018-09-13 | XXE - Things Are Getting Out of Band | XXE | The content discusses XXE Out of Band testing, demonstrating how to conduct XXE OOB attacks through HTTP and FTP. It also touches on XXE Remote Code Execution (RCE). These attacks involve exploiting XML External Entity vulnerabilities to interact with external entities and potentially execute code remotely. The focus is on demonstrating the methods and implications of these attacks. |
| 2017-11-19 | Leading the Blind to Light! - A Chain to RCE | RCE | The content discusses the process of chaining multiple bugs together to achieve remote code execution (RCE) through diligent work and reconnaissance. By identifying and exploiting vulnerabilities in a sequential manner, attackers can gain control over a system. |