Swissky
32d9f7550d
XPATH + XSS + XXE + XSLT
2024-11-30 21:14:51 +01:00
Swissky
98cfc9ce8c
XXE Error Based Local DTD
2024-11-18 12:41:35 +01:00
Swissky
846706b87d
XXE on JSON Endpoints
2024-11-18 10:43:39 +01:00
Swissky
0a5ecc407c
Normalize page header for Web Socket, XSLT, XSS, XXE
2024-11-10 21:15:44 +01:00
Swissky
37641d2b9e
References updated for XPATH, XSLT, XXE, Web Socket
2024-11-07 23:50:30 +01:00
Swissky
9866fef5b4
Bypass CSP, technique from #715
2024-11-02 12:26:45 +01:00
Alexandre ZANNI
6cbf58e5b0
XXE in docx/xlsx: important warning on recompression
2024-10-28 16:18:35 +01:00
Swissky
d5a6811193
Fix typos
2024-09-16 18:05:54 +02:00
Swissky
67adf75bc2
CSP updates + Indirect Prompt Injection
2024-05-29 15:32:58 +02:00
Swissky
87e6f55e16
Error Based XXE - Local DTD
2023-07-18 18:23:34 +02:00
Alexandre ZANNI
3e8a39a87d
xxe - go secure workshop
2023-06-08 10:14:35 +02:00
Alexandre ZANNI
563a1b2a1d
add XXE in Java
2023-01-19 10:23:56 +01:00
Swissky
514ac98dac
SSRF + XSS details + XXE BOM
2022-12-13 22:29:20 +01:00
Swissky
fe41254fde
XSS Public Example + PHP Filter RCE
2022-10-24 12:05:39 +02:00
Swissky
643374e1d7
Add reference
2022-10-05 10:20:05 +02:00
gdraperi
2d03a74555
Update README.md
Adding payloads for Citrix and Cisco
2022-10-05 10:06:21 +02:00
Quentin Ligier
6bbdc85aa2
XXE: Improve the documentation
- Add two references: "OWASP XXE prevention cheat sheet" and "XXE: How to become a Jedi"
- Describe the Parameters Laugh attack
- Expand the WAF bypass method with UTF-7
- Update the summary
2022-10-03 17:14:22 +02:00
Deep Dhakate
a670a26eea
Update
2022-10-02 06:13:01 +00:00
Markus
46aabc8c8c
Update XXE Injection
Slight QOL improvements for the recent changes of the chapter `XXE inside XLSX file`
2021-10-18 10:13:30 +02:00
Alexandre ZANNI
d19b843111
XXE: OOB via FTP + remote DTD for XLSX files
better than the HTTP method, most robust approach, easier zip repackaging
2021-10-17 18:00:00 +02:00
gregxsunday
43a9a5d235
improved XXE SVG payloads to be valid XMLs
2021-04-24 14:45:45 +02:00
Swissky
f6b9d63bf8
DCOM exploitation and MSSQL CLR
2021-03-24 22:26:23 +01:00
Jonathan Leitschuh
92667a12a4
Add XXE via DTD file
2021-01-25 11:50:47 -05:00
Alexandre ZANNI
7733d4495e
add another example of XXE in XLSX
2020-12-08 09:50:30 +01:00
ムハンマド
eb75a7e304
XXE WAF Bypass Added
2020-12-04 05:16:37 +03:00
Vincent Gilles
0b90094002
Fix(Docs): Correcting typos on the repo
2020-10-17 22:52:35 +02:00
laxa
b4d9ee0634
Fix typos
2020-09-03 13:57:46 +02:00
bsysop
93f321879f
Typo in Excel extension name
2020-08-11 21:35:36 -03:00
Alexandre ZANNI
7aef550c39
XXE ref. refactor
- Add new refs
- Format title with date, author, etc.
- Remove dead hosts:
  - agrawalsmart7.com
  - esoln.net
2020-06-22 15:53:07 +02:00
Swissky
ac0239d332
Merge pull request #128 from noraj/patch-1
XXE: add XXE via SVG rasterization
2019-12-02 22:38:08 +01:00
Alexandre ZANNI
e3604c01d7
XXE: tools description + more tools
2019-11-04 01:58:15 +01:00
Alexandre ZANNI
83f46a22e3
add XXE via SVG rasterization
2019-11-02 00:54:48 +01:00
Alexandre ZANNI
52119907f6
add XXEinjector
2019-10-29 00:41:04 +01:00
Swissky
5094ef8b10
XXE in XLSX
2019-10-28 20:46:19 +01:00
Philippe Arteau
f2beb0dbbc
Add local DTD section to the XXE Injection page
2019-10-01 18:22:42 -04:00
Techbrunch
8822199f65
Add XXE payload inside SVG
Source: https://portswigger.net/web-security/xxe/lab-xxe-via-file-upload
2019-09-17 16:23:14 +02:00
Swissky
5455c30ec7
Juicy Potato + XXE update
2019-09-08 19:44:51 +02:00
Alexandre ZANNI
66c9d945b7
Update README.md
2019-08-06 17:28:47 +02:00
Swissky
9745e67465
HQL Injection + references update
2019-06-16 23:45:52 +02:00
Aj Dumanhug
fed4bdab90
Add XXE inside SVG
2019-03-24 03:27:12 +08:00
Alexandre ZANNI
333b9ea85e
add XXE OOB with Apache Karaf "hot deploy" (CVE-2018-11788)
2019-03-23 15:51:16 +01:00
Swissky
404afd1d71
Fix name's capitalization
2019-03-07 00:07:55 +01:00