The Hunt for XXE to LFI: How I Uncovered CVE-2019-9670 in a Bug Bounty Program
Why nested deserialization is harmful: Magento XXE (CVE-2024-34102)
Getting XXE in Web Browsers using ChatGPT
OpenOlat - XML external entity (XXE) injection (CVE-2024-28198)
Azure HDInsight: The Sequel – Unveiling 3 New Vulnerabilities That Could Have Led to Privilege Escalations and Denial of Service
XML External Entity injection with error-based data exfiltration
Exploiting a difficult Out-Of-Band XXE via FTP connections.
That time I broke into an API and became a billionaire
Discovering and Exploiting a XML External Entity (XXE) Vulnerability in a Public Bug Bounty Program
Exploiting CVE-2017-11286 Six Years Later: XXE in ColdFusion via WDDX Packet
Orbeon Forms: The Final Form? On A Journey To RCE
Kirby < 3.9.6 XML External Entity (XXE) vulnerability — CVE-2023-38490
FortiNAC - Just a few more RCEs
can I speak to your manager? hacking root EPP servers to take control of zones
Vulnerabilities In Apache Commons-Text 1.10.0
Authenticated XXE vulnerability in IBM Tivoli Workload Scheduler CVE-2022-38389
LogicalDOC Vulnerability Disclosure
ClamAV Critical Patch Review
XXE with Auto-Update in install4j
Vulnerabilities due to XML files processing: XXE in C# applications in theory and in practice
XML Security in Java
CVE-2022-42710: A journey through XXE to Stored-XSS
Missing Bricks: Finding Security Holes in LEGO APIs
Second Order XXE Exploitation
Pwning ManageEngine — From Endpoint to Exploit: A deep dive into CVE-2021-42847