A somewhat curated list of links to various topics in application security.
Item | Date Added | Link | Excerpt |
---|---|---|---|
1 | 2025-08-14 04:09:51 UTC | https://www.slideshare.net/ssuserf09cba/xxe-how-to-become-a-jedi | The content discusses how to become a "Jedi" in the context of XXE (XML External Entity) attacks. It covers the basics of XXE attacks, their impact, and how to prevent them. The presentation outlines steps to become proficient in identifying and mitigating XXE vulnerabilities, emphasizing the importance of understanding XML parsing and secure coding practices. It also provides practical examples and resources for further learning. Overall, the content aims to educate individuals on the risks associated with XXE attacks and empower them to enhance their cybersecurity skills in this area. |
2 | 2025-08-14 04:09:49 UTC | Hunting in the Dark - Blind XXE | The content titled "Hunting in the Dark - Blind XXE" likely discusses a cybersecurity topic related to Blind XXE (XML External Entity) attacks. Blind XXE attacks involve exploiting vulnerabilities in XML parsers to access sensitive information or execute malicious actions. The term "Hunting in the Dark" suggests a proactive approach to identifying and mitigating these attacks, indicating a focus on detecting vulnerabilities and threats that may not be immediately apparent. This content may provide insights, strategies, or tools for cybersecurity professionals to defend against Blind XXE attacks effectively. |
3 | 2025-08-14 04:09:45 UTC | XXE ALL THE THINGS!!! (including Apple iOS's Office Viewer)_HackDig | The content titled "XXE ALL THE THINGS!!! (including Apple iOS's Office Viewer)" on HackDig likely discusses XML External Entity (XXE) vulnerabilities across various platforms, including Apple iOS's Office Viewer. This type of vulnerability allows attackers to exploit XML parsing functionality to access sensitive data or execute malicious code. The article may provide insights into the prevalence of XXE vulnerabilities and potential risks associated with them, particularly in the context of Apple iOS's Office Viewer. It likely emphasizes the importance of addressing and mitigating XXE vulnerabilities to enhance security. |
4 | 2025-08-14 04:09:43 UTC | XXEGen v1.3 | The content provided is a title mentioning "XXEGen v1.3." It appears to be a reference to a specific version of a tool or software named XXEGen. The content is brief and does not provide any additional details or information about the tool or its features. |
5 | 2025-08-14 04:09:41 UTC | GDS - Blog - Automated Data Exfiltration with XXE | The content appears to be a blog post from GDS discussing automated data exfiltration using XXE (XML External Entity) attacks. XXE attacks involve exploiting vulnerabilities in XML parsers to access sensitive data. This blog post likely delves into the technical details of how XXE attacks can be automated to extract data from a system. It may provide insights on the risks associated with XXE attacks and how organizations can protect themselves from such threats. |
6 | 2025-08-14 04:09:37 UTC | Advice From A Researcher: Hunting XXE For Fun and Profit | The content titled "Advice From A Researcher: Hunting XXE For Fun and Profit" likely discusses insights and tips from a researcher on exploiting XML External Entity (XXE) vulnerabilities for both enjoyment and financial gain. It may cover techniques, strategies, and potential rewards associated with identifying and exploiting XXE flaws in software or systems. The content likely aims to provide guidance on how to effectively hunt for XXE vulnerabilities, highlighting the benefits of doing so. |
7 | 2025-08-14 04:09:33 UTC | GDS - Blog - Automated Data Exfiltration with XXE | The content appears to be a blog post from GDS discussing automated data exfiltration using XXE (XML External Entity) attacks. XXE attacks involve exploiting vulnerabilities in XML parsers to access sensitive data. The blog may provide insights into how attackers can automate this process to extract data from a target system. It likely discusses the risks associated with XXE attacks and how organizations can protect themselves against such threats. |
8 | 2025-08-14 04:09:31 UTC | h3xStream's blog: Identifying Xml eXternal Entity vulnerability (XXE) | The content is a blog post by h3xStream focusing on identifying Xml External Entity (XXE) vulnerability. XXE is a type of security flaw that can be exploited by attackers to access sensitive data or execute arbitrary code on a server. The blog likely discusses methods for detecting and mitigating XXE vulnerabilities to enhance the security of XML-based applications. |
9 | 2025-08-14 04:09:28 UTC | https://github.com/rootjkqsta/Blogs-Bug-Bounty/releases/tag/Blog-3 | The provided link directs to a GitHub repository related to bug bounty blogs. It seems to contain information or resources related to bug bounty programs, possibly including tips, techniques, or experiences shared by security researchers. The content appears to be part of a series or collection labeled as "Blog-3" within the repository. For detailed information, it is recommended to visit the GitHub link directly. |
10 | 2025-08-14 04:09:25 UTC | https://pvs-studio.com/en/blog/posts/csharp/0918/ | |
11 | 2025-08-14 04:09:19 UTC | https://link.medium.com/RuW3gq0AZfb | |
12 | 2025-08-14 04:09:10 UTC | XXE – Things Are Getting Out of Band - heycomputer - 博客园 | The content seems to discuss XXE (XML External Entity) vulnerabilities, indicating that they are becoming more sophisticated and moving towards out-of-band attacks. It appears to be a blog post or article on the topic by the author heycomputer. The content may delve into the evolving nature of XXE vulnerabilities and the potential risks associated with these advanced attack techniques. |
13 | 2025-08-14 04:09:05 UTC | https://gosecure.github.io/xxe-workshop/#0 | The provided link leads to a webpage about XML External Entity (XXE) attacks. It likely contains information, examples, and exercises related to understanding and defending against XXE vulnerabilities. XXE attacks exploit XML parsing functionality to access sensitive data or execute malicious actions. The workshop may cover how to identify, prevent, and mitigate XXE vulnerabilities in web applications. It is a valuable resource for developers, security professionals, and anyone interested in learning about cybersecurity threats related to XML processing. |
14 | 2025-08-14 04:09:03 UTC | XXE-study/xxe.php at master · HLOverflow/XXE-study | The content refers to a file named "xxe.php" within the "XXE-study" repository on GitHub owned by "HLOverflow." This file is located in the "master" branch of the repository. The term "XXE" likely stands for XML External Entity, a type of security vulnerability. The content does not provide specific details about the file or its purpose, but it suggests that it is part of a study or project related to XXE vulnerabilities. |
15 | 2025-08-14 04:09:01 UTC | XXE - XEE - XML External Entity - HackTricks | The content focuses on XXE (XML External Entity) attacks, also known as XEE. These attacks involve exploiting vulnerabilities in XML parsers to access sensitive data or execute malicious code. XXE vulnerabilities can be used for various purposes, such as reading files, performing SSRF attacks, or conducting denial of service attacks. Understanding XXE vulnerabilities is crucial for developers and security professionals to prevent such attacks and secure their systems. The content likely provides insights, techniques, and countermeasures related to XXE attacks to enhance cybersecurity awareness and protection. |
16 | 2025-08-14 04:08:57 UTC | Exploiting The Entity: XXE (XML External Entity Injection) - Pentestmag | The content discusses XXE (XML External Entity Injection) vulnerabilities, a type of attack where an attacker can manipulate XML input to access sensitive data or execute remote code. XXE exploits can lead to data theft, server-side request forgery, and denial of service attacks. Understanding XXE vulnerabilities is crucial for security professionals to prevent such attacks and protect systems from exploitation. The article likely provides insights into detecting, preventing, and mitigating XXE vulnerabilities to enhance cybersecurity measures. |
17 | 2025-08-14 04:08:55 UTC | xxe-injection-payload-list/xxe-injection-payload-list.txt.txt at master · p | The content appears to be a reference to a file named "xxe-injection-payload-list.txt" within a repository called "xxe-injection-payload-list" on GitHub. The mention of "master" suggests it is the main branch of the repository. This file likely contains a list of payloads related to XML External Entity (XXE) injection attacks, which are a type of security vulnerability. The content seems to be pointing to a specific location within a GitHub repository where these payloads can be accessed. |
18 | 2025-08-14 04:08:53 UTC | https://www.noob.ninja/2019/12/spilling-local-files-via-xxe-when-http.html | The content discusses a security vulnerability known as XML External Entity (XXE) injection, which can be exploited to access and leak sensitive local files through HTTP requests. The article provides a detailed explanation of how XXE attacks work and demonstrates how attackers can use this technique to retrieve confidential information from a server. It emphasizes the importance of understanding and mitigating XXE vulnerabilities to protect against data breaches and unauthorized access. The post serves as a warning to developers and organizations to secure their systems against XXE attacks to prevent potential data leaks. |
19 | 2025-08-14 04:08:51 UTC | GitHub - payloadbox/xxe-injection-payload-list: XML External Entity (XXE) | The content refers to a GitHub repository named "payloadbox/xxe-injection-payload-list" that focuses on XML External Entity (XXE) injection payloads. XXE is a type of attack that exploits vulnerabilities in XML parsers by injecting malicious content. The repository likely contains a list of payloads that can be used to test and protect against XXE vulnerabilities. |
20 | 2025-08-14 04:08:45 UTC | https://portswigger.net/web-security/xxe | The link provided leads to a webpage discussing XML External Entity (XXE) attacks in web security. XXE attacks exploit vulnerabilities in XML parsers to access sensitive data or execute remote code. The article likely covers how XXE attacks work, their impact on web applications, and strategies to prevent them, such as disabling external entity processing or using secure XML parsers. It's important for web developers and security professionals to be aware of XXE vulnerabilities and take necessary precautions to protect their systems from potential exploitation. |
21 | 2025-08-14 04:08:43 UTC | From blind XXE to root-level file read access – Honoki | The content is titled "From blind XXE to root-level file read access – Honoki." It likely discusses a security vulnerability known as blind XXE (XML External Entity) that can lead to obtaining root-level file read access. The article may delve into how this vulnerability can be exploited to gain unauthorized access to sensitive files on a system. The focus is on the potential risks and implications of this security flaw, highlighting the importance of addressing and mitigating such vulnerabilities to protect systems from unauthorized access and data breaches. |
22 | 2025-08-14 04:08:41 UTC | XXE - XML External Entity Attack | XXE, or XML External Entity Attack, is a type of security vulnerability where an attacker can exploit the processing of XML data by including external entities that can disclose confidential information, execute remote code, or cause a denial of service. This attack can occur when an application processes XML input without proper validation and allows external entities to be included. Preventing XXE attacks involves disabling external entity processing, using whitelists for allowed entities, and validating input data to ensure it does not contain malicious XML entities. |
23 | 2025-08-14 04:08:39 UTC | XXE at Bol.com – Jonathan Bouman – Medium | The content appears to be a post titled "XXE at Bol.com" by Jonathan Bouman on the platform Medium. It likely discusses a potential XML External Entity (XXE) vulnerability found at Bol.com, a Dutch online retailer. XXE vulnerabilities can allow attackers to exploit XML processing functionality and access sensitive data. The post may delve into the impact of this vulnerability on Bol.com's security and how it was discovered or addressed. For more detailed information, it is recommended to read the full post on Medium. |
24 | 2023-11-07 21:20:02 UTC | 11.2 Lab: Exploiting XXE to perform SSRF attacks | 2023 | The content discusses a lab focusing on exploiting XML External Entity (XXE) vulnerabilities to execute Server-Side Request Forgery (SSRF) attacks. This lab aims to demonstrate how XXE vulnerabilities can be leveraged to manipulate server-side requests and potentially access sensitive information or resources. The practice scenario likely involves hands-on exercises to understand the exploitation process and its implications for security. Participants can gain practical experience in identifying and mitigating XXE vulnerabilities to enhance their cybersecurity skills. |
25 | 2023-10-31 12:47:38 UTC | ssrf | The content is a brief mention of "ssrf" with a link provided as "https://ift.tt/vybYKpI." The acronym "ssrf" likely stands for Server-Side Request Forgery, a type of security vulnerability. The link leads to an external source for further information or resources related to ssrf. |
26 | 2023-08-19 01:42:14 UTC | XXExploiter | The content provided is a link to XXExploiter, which appears to be a tool or software. Unfortunately, without further context or information, it is unclear what XXExploiter is or what it does. It seems to be related to exploiting something, possibly in the realm of technology or security. Additional details or a description of XXExploiter would be needed to understand its purpose or function. |
27 | 2022-08-10 01:20:45 UTC | How to Protect Text Input from XML External Entity (XXE) Attacks using Pyth | The content discusses protecting text input from XML External Entity (XXE) attacks using Python. XXE attacks aim to disrupt an application's handling of serialized data. Implementing countermeasures in Python can help prevent these attacks and ensure the security of the application. |
28 | 2021-05-18 01:11:14 UTC | If you find powerful OXML XXE tool? it’s “DOCEM” | The content shares a tool called "DOCEM" for XXE testing, which is considered more convenient than other existing tools. It aims to assist in finding a powerful OXML XXE tool, offering a more user-friendly experience compared to manual methods or previously available tools. |
29 | 2021-03-01 14:24:13 UTC | Preventing XXE in Java Applications | by Vickie Li | Feb, 2021 | ShiftLeft | The content discusses the importance of preventing XML External Entity (XXE) vulnerabilities in Java applications. It covers the impact and exploitation of XXE vulnerabilities, emphasizing the need for preventive measures. The article likely provides insights into the risks associated with XXE attacks, how they can be exploited by malicious actors, and offers guidance on how to prevent such vulnerabilities in Java applications. |
30 | 2021-02-04 01:17:19 UTC | Detecting and Exploiting XXEs: AppSec Simplified | by Vickie Li | Jan, 2021 | The content discusses detecting and exploiting XXE vulnerabilities in applications through code analysis. XXE vulnerabilities involve exploiting XML parsers to access sensitive data or execute malicious actions. By analyzing the code, security professionals can identify and mitigate these vulnerabilities to enhance application security. The article simplifies the process of identifying XXEs, emphasizing the importance of thorough security assessments to protect against potential exploits. |
31 | 2021-01-20 04:10:56 UTC | XXE attacks 😈 | Various file formats such as PDF, Excel, SVG, and ebooks utilize XML and can be susceptible to XXE (XML External Entity) attacks. These attacks involve exploiting vulnerabilities in XML parsers to access sensitive data or execute malicious actions. It is crucial for developers and users to be aware of the risks associated with XXE attacks and implement proper security measures to prevent unauthorized access to data. |
32 | 2020-01-27 16:10:45 UTC | Exploiting The Entity: XXE (XML External Entity Injection) - Pentestmag | The content discusses XXE (XML External Entity Injection) and its exploitation in cybersecurity. XXE is a vulnerability that allows attackers to manipulate XML input to access sensitive data or execute remote code. By injecting malicious entities into XML documents, attackers can exploit vulnerable applications. Understanding XXE is crucial for penetration testing and securing systems against such attacks. The article likely delves into the technical details of XXE exploitation, its impact on security, and strategies to prevent it. |
33 | 2019-03-10 03:27:38 UTC | Advice From A Researcher: Hunting XXE For Fun and Profit | Bugcrowd | The content is titled "Advice From A Researcher: Hunting XXE For Fun and Profit" on Bugcrowd. It likely provides insights and guidance from a researcher on hunting for XXE (XML External Entity) vulnerabilities for both enjoyment and financial gain. The article may offer tips, techniques, and strategies for identifying and exploiting XXE vulnerabilities in web applications. Readers can expect to learn about the potential risks associated with XXE vulnerabilities and how to responsibly report and address them. |
34 | 2018-09-13 19:15:49 UTC | XXE - Things Are Getting Out of Band | The content discusses XXE Out of Band testing, demonstrating how to conduct XXE OOB attacks through HTTP and FTP. It also touches on XXE Remote Code Execution (RCE). These attacks involve exploiting XML External Entity vulnerabilities to interact with external entities and potentially execute code remotely. The focus is on demonstrating the methods and implications of these attacks. |
35 | 2017-12-02 15:46:05 UTC | PayloadsAllTheThings/XXE injections at master · swisskyrepo/PayloadsAllTheT | The content refers to a repository named "PayloadsAllTheThings" on GitHub, specifically focusing on XXE (XML External Entity) injections. This repository, maintained by the user swisskyrepo, likely contains a collection of payloads and techniques related to XXE injections. XXE injections are a type of attack that exploit vulnerabilities in XML processors, allowing attackers to access sensitive data or execute malicious code. The repository may serve as a resource for security professionals, developers, or researchers interested in understanding and mitigating XXE vulnerabilities. |
36 | 2017-02-07 04:51:12 UTC | Advice From A Researcher: Hunting XXE For Fun and Profit | The content is titled "Advice From A Researcher: Hunting XXE For Fun and Profit." It likely discusses insights and tips from a researcher on exploiting XML External Entity (XXE) vulnerabilities for both enjoyment and financial gain. The focus is on the process of identifying and exploiting XXE vulnerabilities in systems for various purposes. This content may provide guidance on how to effectively hunt for XXE vulnerabilities and potentially profit from them. |
37 | 2017-02-07 04:48:19 UTC | XXEGen v1.3 | The content provided is a title mentioning XXEGen v1.3. It appears to be a software or tool named XXEGen version 1.3. The content is brief and lacks specific details about the features, functions, or purpose of XXEGen v1.3. |
38 | 2017-01-31 21:25:04 UTC | BuffaloWill/oxml_xxe: A tool for embedding XXE/XML exploits into different | "BuffaloWill/oxml_xxe" is a tool available on GitHub that enables the embedding of XXE/XML exploits into various file types. This tool allows users to incorporate XXE/XML exploits into different file formats for testing and security purposes. |