A somewhat curated list of links to various topics in application security.
| Link | Excerpt |
|---|---|
| If you find powerful OXML XXE tool? it's "DOCEM" | XXE 테스트 시 쓸만한 도구 하나 찾아서 공유드립니다. 직접 노가다하거나 기존에 공개됬던 툴보단 훨씬 편리할 것 같습니다. When I tested OXML XXE, OOXML XXE, I used to create payload myself or used this tool. |
| Preventing XXE in Java Applications | Welcome back to AppSec simplified! In this tutorial, we are going to talk about how you can prevent XXE in Java applications. If you are not already familiar with XXE, please read my previous post first! Protect your XML parsers against malicious XML documents! |
| Detecting and Exploiting XXEs: AppSec Simplified | Welcome back to AppSec Simplified! Last time, we talked about the fascinating XXEs vulnerabilities and how they can affect your application. If you are not already familiar with XXEs, please read that post first! Protect your XML parsers against malicious XML documents! |
| XXE attacks 😈 | XML is probably the most commonly used markup language. It’s organized around tags |
| Exploiting The Entity: XXE (XML External Entity Injection) | In the recent year, major tech giants, like Google, Facebook, Magento, Shopify, Uber, Twitter, and Microsoft, have undergone XML External Entity attacks on their major applications. One such vulnerability that has been around for many years is XML external entity injection or XXE. |
| Spilling Local Files via XXE When HTTP OOB Fails | Discovery so while browsing through the application in Burp I realized app uses REST API over JSON at each endpoint. |
| XXE: How to become a Jedi | |
| Web Security Academy | In this section, we'll explain what XML external entity injection is, describe some common examples, explain how to find and exploit various kinds of XXE injection, and summarize how to prevent XXE injection attacks. |
| XXE at Bol.com | Are you aware of any (private) bug bounty programs? I would love to get an invite. Please get in touch with me: Jonathan@Protozoan.nl Background In the previous reports we learned more about executing code in the browser of a visitor; reflected XSS and stored XSS. |
| Advice From A Researcher: Hunting XXE For Fun and Profit | About the Author: Ben Sadeghipour has been participating in bug bounty programs since February of 2014. |
| XXE - XML External Entity Attack | Upcoming SlideShare Loading in …5 × XXE - XML External Entity Attack 1. Web Application Security - Team bi0s © 2017 XXE XML External Entity 25 February 2017 @Team bi0s 1/25 HEERAJ Btech, Third Year, Computer Science Engineering Amrita University 2. |
| XXE - Things Are Getting Out of Band | This isn't anything new however has been a long time in writing as I've been playing around with things! It is more my take on how to do these types of attacks and how I've found different tools to be better than others alongside different techniques being more efficient and generally better. |
| swisskyrepo/PayloadsAllTheThings | XML External Entity An XML External Entity attack is a type of attack against an application that parses XML input Exploit Basic Test |