A somewhat curated list of links to various topics in application security.
Link | Excerpt | Word Count |
---|---|---|
Identifying XML eXternal Entity vulnerability (XXE) | Here is a small writeup on how an XXE was discovered on the website RunKeeper.com. The website, as the name suggests, keeps track of your trainings (running, cycling, skiing, etc.). The vulnerabilities presented were fixed on June 10th 2014. The website accepts the upload of GPX files. | 828 |
http://blog.gdssecurity.com/labs/2015/4/29/automated-data-exfiltration-with-xxe.html | | 0 |
enjoiz/XXEinjector | --host Mandatory - our IP address for reverse connections. (--host=192.168.0.2) --file Mandatory - file containing valid HTTP request with xml. You can also mark with "XXEINJECT" a point where DTD should be injected. (--file=/tmp/req. | 528 |
Get Started with Bugcrowd | Hackers aren’t waiting, so why should you? See how Bugcrowd can quickly improve your security posture. | 16 |
BuffaloWill/oxml_xxe | This tool is meant to help test XXE vulnerabilities in OXML document file formats. Currently supported: OXML_XXE was written in Ruby using Sinatra, Bootstrap, and Slim. | 137 |
http://blog.gdssecurity.com/labs/2015/4/29/automated-data-exfiltration-with-xxe.html?utm_source=twitterfeed&utm_medium=twitter | | 0 |
https://buer.haus/xxegen/ | | 0 |
http://en.hackdig.com/08/28075.htm | | 0 |
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XXE%20injections | | 0 |
https://blog.zsec.uk/blind-xxe-learning/ | | 0 |
XXE: How to become a Jedi | The document provides instructions on how to exploit XML external entity (XXE) vulnerabilities and become a more advanced "Jedi" level hacker. | 63 |
https://blog.zsec.uk/out-of-band-xxe-2/ | | 0 |
https://www.bugcrowd.com/advice-from-a-bug-hunter-xxe/ | | 0 |
XXE at Bol.com | Are you aware of any (private) bug bounty programs? I would love to get an invite. Please get in touch with me: Jonathan@Protozoan.nl Background In the previous reports we learned more about executing code in the browser of a visitor; reflected XSS and stored XSS. | 1792 |
XXE - XML External Entity Attack | This document discusses XML External Entity (XXE) attacks. It begins with an introduction to XML and DTDs. It then explains how XML entities work and how parsers handle XML. | 8023 |
https://honoki.net/2018/12/12/from-blind-xxe-to-root-level-file-read-access/ | | 0 |
Web Security Academy | In this section, we'll explain what XML external entity injection is, describe some common examples, explain how to find and exploit various kinds of XXE injection, and summarize how to prevent XXE injection attacks. | 1596 |
XML External Entity Prevention | An XML eXternal Entity injection (XXE), which is now part of the OWASP Top 10 via the point A4, is an attack against applications that parse XML input. This issue is referenced in the ID 611 in the Common Weakness Enumeration referential. | 3997 |
B-XSSRF - Toolkit To Detect And Keep Track On Blind XSS, XXE And SSRF | Toolkit to detect and keep track on Blind XSS, XXE & SSRF. | 90 |
payloadbox/xxe-injection-payload-list | In this section, we'll explain what XML external entity injection is, describe some common examples, explain how to find and exploit various kinds of XXE injection, and summarize how to prevent XXE injection attacks. | 552 |
Spilling Local Files via XXE When HTTP OOB Fails | Discovery so while browsing through the application in Burp I realized app uses REST API over JSON at each endpoint. | 1014 |
https://pentestmag.com/exploiting-the-entity-xme-xml-external-entity-injection/?fbclid=IwAR3BdIGzzWTE-bfIES2mEqLw5ZRMAjlTY_ZBs-Y0IO9HKf4BHog83GHJovc | | 0 |
luisfontes19/xxexploiter | It generates the XML payloads, and automatically starts a server to serve the needed DTDs or to do data exfiltration. This is a simple Node application written with TypeScript. So you can build it as you build other apps: (install node and npm first, if you don't have them) | 641 |
https://book.hacktricks.xyz/pentesting-web/xxe-xee-xml-external-entity | | 0 |
XXE-study/Apps/Php-Haboob-xxe/vulnserver/src/xxe/xxe.php at master · HLOverflow/XXE-study | This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with vulnerability scanners / WAF rules / secure configuration settings. | 0 |
Advanced XXE Exploitation | Welcome to this 3-hour workshop on XML External Entities (XXE) exploitation! In this workshop, the latest XML eXternal Entities (XXE) and XML related attack vectors will be presented. XXE is a vulnerability that affects any XML parser that evaluates external entities. | 3990 |
Burp Suite For Pentester: HackBar | Isn’t it a bit time consuming and a boring task to insert a new payload manually every time for a specific vulnerability and check for its response? | 2021 |
XXE – Things Are Getting Out of Band | This isn’t anything new however has been a long time in writing as I’ve been playing around with things! It is more my take on how to do these types of attacks and how I’ve found different tools to be better than others alongside different techniques being more efficient and generally better. | 1561 |
vavkamil/awesome-bugbounty-tools | A curated list of various bug bounty tools ReconSubdomain Enumeration Port Scanning Screenshots Technologies Content Discovery Links Parameters Fuzzing ExploitationCommand Injection CORS Misconfiguration CRLF Injection CSRF Injection Directory Traversal File Inclusion GraphQL Injection Header Inject | 4230 |
https://link.medium.com/SISH5s3Tbdb | | 0 |
Detecting and Exploiting XXE: AppSec Simplified | Welcome back to AppSec Simplified! Last time, we talked about the fascinating XXE vulnerabilities and how they can affect your application. If you are not already familiar with XXE, please read that post first! Protect your XML parsers against malicious XML documents! | 909 |
Preventing XXE in Java Applications | Welcome back to AppSec simplified! In this tutorial, we are going to talk about how you can prevent XXE in Java applications. If you are not already familiar with XXE, please read my previous post first! Protect your XML parsers against malicious XML documents! | 1206 |
https://link.medium.com/RuW3gq0AZfb | | 0 |
If you find powerful OXML XXE tool? it’s “DOCEM” | I found a tool that is useful when testing XXE and am sharing it. It should be much more convenient than doing the work by hand or using the previously published tools. When I tested OXML XXE, OOXML XXE, I used to create payload myself or used this tool. | 1039 |
10 Types of Web Vulnerabilities that are Often Missed | Crowdsource hackers Hakluke and Farah Hawa share the top web vulnerabilities that are often missed during security testing. When hunting for bugs, especially on competitive bug bounty programs, it is always best to hunt in a way that invokes the least competition. | 3624 |
Vulnerabilities due to XML files processing: XXE in C# applications in theory and in practice | How can simple XML files processing turn into a security weakness? How can a blog deployed on your machine cause a data leak? Today we'll find answers to these questions, learn what XXE is and what it looks like. | 3670 |
https://github.com/rootjkqsta/Blogs-Bug-Bounty/releases/tag/Blog-3 | | 0 |
How to Protect Text Input from XML External Entity (XXE) Attacks using Python | Effective XML External Entity attacks look to interfere with your application’s processing of serialized data. Without a countermeasure to check XML text strings, such attacks can infect files and wreak havoc on your system internally. | 316 |
Exploiting XXE for SSRF | Server-Side Request Forgery (SSRF): SSRF is an attack in which an attacker can force a vulnerable server to trigger malicious requests to third-party servers and/or to internal resources. | 202 |
11.2 Lab: Exploiting XXE to perform SSRF attacks (2023) | This lab has a “Check stock” feature that parses XML input and returns any unexpected values in the response. The lab server is running a (simulated) EC2 metadata endpoint at the default URL, which is http://169.254.169.254/. | 319 |