blog.zsec.uk
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2025-08-14.
| Date Added | Resource | Topic | Excerpt |
|---|---|---|---|
| 2025-08-14 | Leading the Blind to Light! - A Chain to RCE | RCE | Writeup detailing a Remote Code Execution (RCE) chain achieved by exploiting an Oracle E-Business Suite instance. The chain begins with an authentication bypass leading to blind XXE, which then facilitates information disclosure. This information is combined with an SQL injection vulnerability on an internal database host, which is used to re-enable `xp_cmdshell`. Successful execution of `xp_cmdshell` ultimately grants command execution with Administrator privileges. |
| 2025-08-14 | XXE - Things Are Getting Out of Band | XXE | Library for out-of-band XXE attacks, detailing data exfiltration techniques via FTP and HTTP. It covers exploiting vulnerable Java and ASP.NET applications, demonstrating how to craft XML payloads that trigger external requests carrying sensitive file contents such as `/etc/passwd`. The library also briefly touches on RCE via XXE in ASP.NET by downloading a webshell. |
| 2025-08-14 | Hunting in the Dark - Blind XXE | XXE | Writeup detailing blind XXE attacks against a JSON endpoint that also parses XML content. The author demonstrates how to identify XML processing by altering the `Content-Type` header and uses error-based responses to perform port scanning on the backend. Techniques explored include exploiting Java-based `UnmarshalException` errors and using Server Side Request Forgery (SSRF) to probe open ports such as 8080. |
| 2023-04-13 | WebSockets are a Pain - A Journey in Learning and Leveraging | API Sec | Library detailing WebSocket communication, its advantages for attackers such as real-time data transfer and proxy bypass, and its handshake process. The entry includes practical applications for Command and Control (C2) infrastructure using tools like Caddy, PowerShell, and native Linux tooling such as websocat, demonstrating how WebSockets can be leveraged for covert communication and data exfiltration. |
| 2018-09-13 | XXE - Things Are Getting Out of Band | XXE | Technique detailing out-of-band XXE attacks, leveraging FTP and HTTP handlers for blind exfiltration of sensitive data such as `/etc/passwd`. The technique applies to vulnerable Java versions (<1.7 and sometimes >1.7) and can extend to ASP.NET applications for potential RCE via web shell downloads. |
| 2017-11-19 | Leading the Blind to Light! - A Chain to RCE | RCE | Writeup detailing a Remote Code Execution chain on Oracle E-Business Suite. The exploit begins with an authentication bypass, leading to blind XXE and information disclosure. This disclosure helps identify an internal endpoint which, through further fuzzing, reveals an SQL injection vulnerability. By re-enabling `xp_cmdshell` via SQL injection, the attacker achieves command execution with administrator privileges. |