Exploiting Out-of-Band XXE in the Wild
Write-up: BlogEngine .NET - 0day Discovery
CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus
Autodesk Fusion 360 <= 2.0.12887 “Insert SVG” Blind XXE
SSD Advisory – Exchange Server GetWacInfo Information Disclosure Vulnerability
XXE in SAML SSO Writeup - Bug Bounty
A journey from XML External Entity (XXE) to NTLM hashes!
CVE-2021-2471 MySQL JDBC XXE
Ping'ing XMLSec
Multiple Vulnerabilities In cPanel/WHM
Blind XXE Leads to Internal Port Scanning Through SSRF
XXE in Public Transport Ticketing Mobile APP
XXE Case Studies
Full Local File Read via Error Based XXE using XLIFF File
My first OOB XXE exploitation
WordPress 5.7 XXE Vulnerability
XXE To AWS Metadata Disclosure
Out of Band XXE in an E-commerce IOS app
We Hacked Apple for 3 Months: Here’s What We Found
Why I paid 3.5K to become a TLD registrar reseller when doing bug bounty
h1{Error based XXE - bug bounty writeup}
Bug Hunting Stories: Schneider Electric & The Andover Continuum Web.Client
XXE-scape through the front door: circumventing the firewall with HTTP request smuggling
$5,005 worth vulnerability Duplicated, How I loose $5,005 in a day? Denial of Service - Billion LAUGH Attack (XXE)
A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell