XXE – XML External Entity Interesting Links

XXE: How to become a Jedi – Yaroslav Babin

https://resources.infosecinstitute.com/finding-and-exploiting-xxe-xml-external-entities-injection/

Playing with Content-Type – XXE on JSON Endpoints

https://blog.bugcrowd.com/advice-from-a-researcher-xxe/

http://blog.h3xstream.com/2014/06/identifying-xml-external-entity.html

http://www.attack-secure.com/blog/hacked-facebook-word-document/

http://www.nosuchcon.org/talks/2013/D3_03_Alex&Timur_XML_Out_Of_Band.pdf

http://www.synacktiv.com/ressources/synacktiv_drupal_xxe_services.pdf

http://nerdint.blogspot.hr/2016/08/blind-oob-xxe-at-uber-26-domains-hacked.html

XXE For Fun and Profit – Converting JSON request to XML

https://securitycommunity.tcs.com/infosecsoapbox/articles/2018/02/12/how-json-rest-api-are-prone-xml-external-entity-injections

https://exploitstube.com/xxe-for-fun-and-profit-converting-json-request-to-xml.html

https://hackerone.com/reports/334488

https://hackerone.com/reports/347139

https://hackerone.com/reports/248668

https://hackerone.com/reports/312543

https://hackerone.com/reports/154096

https://hackerone.com/reports/334488

Leave a Reply

Your email address will not be published. Required fields are marked *