Commit graph

42 commits

Author | SHA1 | Message | Date
Swissky | 32d9f7550d | XPATH + XSS + XXE + XSLT | 2024-11-30 21:14:51 +01:00
Swissky | 98cfc9ce8c | XXE Error Based Local DTD | 2024-11-18 12:41:35 +01:00
Swissky | 846706b87d | XXE on JSON Endpoints | 2024-11-18 10:43:39 +01:00
Swissky | 0a5ecc407c | Normalize page header for Web Socket, XSLT, XSS, XXE | 2024-11-10 21:15:44 +01:00
Swissky | 37641d2b9e | References updated for XPATH, XSLT, XXE, Web Socket | 2024-11-07 23:50:30 +01:00
Swissky | 9866fef5b4 | Bypass CSP, technique from #715 | 2024-11-02 12:26:45 +01:00
Alexandre ZANNI | 6cbf58e5b0 | XXE in docx/xlsx: important warning on recompression | 2024-10-28 16:18:35 +01:00
Swissky | d5a6811193 | Fix typos | 2024-09-16 18:05:54 +02:00
Swissky | 67adf75bc2 | CSP updates + Indirect Prompt Injection | 2024-05-29 15:32:58 +02:00
Swissky | 87e6f55e16 | Error Based XXE - Local DTD | 2023-07-18 18:23:34 +02:00
Alexandre ZANNI | 3e8a39a87d | xxe - go secure workshop | 2023-06-08 10:14:35 +02:00
Alexandre ZANNI | 563a1b2a1d | add XXE in Java | 2023-01-19 10:23:56 +01:00
Swissky | 514ac98dac | SSRF + XSS details + XXE BOM | 2022-12-13 22:29:20 +01:00
Swissky | fe41254fde | XSS Public Example + PHP Filter RCE | 2022-10-24 12:05:39 +02:00
Swissky | 643374e1d7 | Add reference | 2022-10-05 10:20:05 +02:00
gdraperi | 2d03a74555 | Update README.md | 2022-10-05 10:06:21 +02:00
    Adding payloads for Citrix and Cisco
Quentin Ligier | 6bbdc85aa2 | XXE: Improve the documentation | 2022-10-03 17:14:22 +02:00
    - Add two references: "OWASP XXE prevention cheat sheet" and "XXE: How to become a Jedi"
    - Describe the Parameters Laugh attack
    - Expand the WAF bypass method with UTF-7
    - Update the summary
Deep Dhakate | a670a26eea | Update | 2022-10-02 06:13:01 +00:00
Markus | 46aabc8c8c | Update XXE Injection | 2021-10-18 10:13:30 +02:00
    Slight QOL improvements for the recent changes of the chapter `XXE inside XLSX file`
Alexandre ZANNI | d19b843111 | XXE: OOB via FTP + remote DTD for XLSX files | 2021-10-17 18:00:00 +02:00
    better than the HTTP method, most robust approach, easier zip repackaging
gregxsunday | 43a9a5d235 | improved XXE SVG payloads to be valid XMLs | 2021-04-24 14:45:45 +02:00
Swissky | f6b9d63bf8 | DCOM exploitation and MSSQL CLR | 2021-03-24 22:26:23 +01:00
Jonathan Leitschuh | 92667a12a4 | Add XXE via DTD file | 2021-01-25 11:50:47 -05:00
Alexandre ZANNI | 7733d4495e | add another example of XXE in XLSX | 2020-12-08 09:50:30 +01:00
ムハンマド | eb75a7e304 | XXE WAF Bypass Added | 2020-12-04 05:16:37 +03:00
Vincent Gilles | 0b90094002 | Fix(Docs): Correcting typos on the repo | 2020-10-17 22:52:35 +02:00
laxa | b4d9ee0634 | Fix typos | 2020-09-03 13:57:46 +02:00
bsysop | 93f321879f | Typo in Excel extension name | 2020-08-11 21:35:36 -03:00
Alexandre ZANNI | 7aef550c39 | XXE ref. refactor | 2020-06-22 15:53:07 +02:00
    - Add new refs
    - Format title with date, author, etc.
    - Remove dead hosts:
      - agrawalsmart7.com
      - esoln.net
Swissky | ac0239d332 | Merge pull request #128 from noraj/patch-1 | 2019-12-02 22:38:08 +01:00
    XXE: add XXE via SVG rasterization
Alexandre ZANNI | e3604c01d7 | XXE: tools description + more tools | 2019-11-04 01:58:15 +01:00
Alexandre ZANNI | 83f46a22e3 | add XXE via SVG rasterization | 2019-11-02 00:54:48 +01:00
Alexandre ZANNI | 52119907f6 | add XXEinjector | 2019-10-29 00:41:04 +01:00
Swissky | 5094ef8b10 | XXE in XLSX | 2019-10-28 20:46:19 +01:00
Philippe Arteau | f2beb0dbbc | Add local DTD section to the XXE Injection page | 2019-10-01 18:22:42 -04:00
Techbrunch | 8822199f65 | Add XXE payload inside SVG | 2019-09-17 16:23:14 +02:00
    Source: https://portswigger.net/web-security/xxe/lab-xxe-via-file-upload
Swissky | 5455c30ec7 | Juicy Potato + XXE update | 2019-09-08 19:44:51 +02:00
Alexandre ZANNI | 66c9d945b7 | Update README.md | 2019-08-06 17:28:47 +02:00
Swissky | 9745e67465 | HQL Injection + references update | 2019-06-16 23:45:52 +02:00
Aj Dumanhug | fed4bdab90 | Add XXE inside SVG | 2019-03-24 03:27:12 +08:00
Alexandre ZANNI | 333b9ea85e | add XXE OOB with Apache Karaf "hot deploy" (CVE-2018-11788) | 2019-03-23 15:51:16 +01:00
Swissky | 404afd1d71 | Fix name's capitalization | 2019-03-07 00:07:55 +01:00