Articles / Blogs:
http://www.christian-schneider.net/GenericXxeDetection.html
https://medium.com/@asif.baig330/lithium-community-platform-xxe-vulnerability-6454dd9377f8
https://gist.github.com/mgeeky/4f726d3b374f0a34267d4f19c9004870
https://blog.zsec.uk/out-of-band-xxe-2/
https://www.slideshare.net/ssuserf09cba/xxe-how-to-become-a-jedi
https://blog.netspi.com/playing-content-type-xxe-json-endpoints/
https://hawkinsecurity.com/2018/03/24/gaining-filesystem-access-via-blind-oob-xxe/
https://versprite.com/blog/xml-external-entity-xxe-processing/utm_content=73970973&utm_medium=social&utm_source=twitter
http://agrawalsmart7.com/2018/11/10/Understanding-XXE-from-Basic-to-Blind.html
https://medium.com/@jonathanbouman/xxe-at-bol-com-7d331186de54
https://www.gosecure.net/blog/2019/07/16/automating-local-dtd-discovery-for-xxe-exploitation
https://securityidiots.com/Web-Pentest/XXE/XXE-Cheat-Sheet-by-SecurityIdiots.html
https://www.exploit-db.com/docs/english/45374-xml-external-entity-injection---explanation-and-exploitation.pdf
https://2017.zeronights.org/wpcontent/uploads/materials/ZN17_yarbabin_XXE_Jedi_Babin.pdf
https://github.com/BuffaloWill/oxml_xxe
https://0xgaurang.medium.com/out-of-band-xxe-in-an-e-commerce-ios-app-e22981f7b59b
https://blog.cobalt.io/how-to-execute-an-xml-external-entity-injection-xxe-5d5c262d5b16
https://f4d3.io/xxe_wild/
https://github.com/GoSecure/dtd-finder/blob/698fd678f26395e1c7c097525f7182aecad0cd5f/list/xxe_payloads.md
https://www.blackhat.com/html/webcast/11192015-exploiting-xml-entity-vulnerabilities-in-file-parsing-functionality.html
https://www.youtube.com/watch?v=LZUlw8hHp44
https://faun.pub/xxe-attacks-750e91448e8f
https://estebancano.medium.com/unique-xxe-to-aws-keys-journey-afe678989b2b
https://smoggy-mozzarella-076.notion.site/XXE-9d5d3f12a5c4487e82fddf564d792fcd
https://pwn.vg/articles/2021-06/local-file-read-via-error-based-xxe
Tools / Payloads:
Twitter:
https://twitter.com/huntmost/status/1216033868773580800
https://twitter.com/soaj1664ashar/status/1080877419723194370
https://twitter.com/honoki/status/1301092916551659522
https://twitter.com/Bugcrowd/status/1342184648856616972?s=20
https://twitter.com/harshbothra_/status/1350891025032646656?s=20
Last updated 4 years ago