Commit Graph

23 Commits

Author SHA1 Message Date
Alexandre ZANNI
d19b843111
XXE: OOB via FTP + remote DTD for XSLX files
better than the HTTP method, must robust approach, easier zip repackaging
2021-10-17 18:00:00 +02:00
gregxsunday
43a9a5d235 improved XXE SVG payloads to be valid XMLs 2021-04-24 14:45:45 +02:00
Swissky
f6b9d63bf8 DCOM exploitation and MSSQL CLR 2021-03-24 22:26:23 +01:00
Jonathan Leitschuh
92667a12a4
Add XXE via DTD file 2021-01-25 11:50:47 -05:00
Alexandre ZANNI
7733d4495e
add another example of XXE in XLSX 2020-12-08 09:50:30 +01:00
ムハンマド
eb75a7e304
XXE WAF Bypass Added 2020-12-04 05:16:37 +03:00
Vincent Gilles
0b90094002 Fix(Docs): Correcting typos on the repo 2020-10-17 22:52:35 +02:00
laxa
b4d9ee0634 Fix typos 2020-09-03 13:57:46 +02:00
bsysop
93f321879f
Typo in Excel extension name 2020-08-11 21:35:36 -03:00
Alexandre ZANNI
7aef550c39
XXE ref. refactor
- Add new refs
- Format title with date, author, etc.
- Remove dead hosts:
  - agrawalsmart7.com
  - esoln.net
2020-06-22 15:53:07 +02:00
Swissky
ac0239d332
Merge pull request #128 from noraj/patch-1
XXE: add XXE via SVG rasterization
2019-12-02 22:38:08 +01:00
Alexandre ZANNI
e3604c01d7
XXE: tools description + more tools 2019-11-04 01:58:15 +01:00
Alexandre ZANNI
83f46a22e3
add XXE via SVG rasterization 2019-11-02 00:54:48 +01:00
Alexandre ZANNI
52119907f6
add XXEinjector 2019-10-29 00:41:04 +01:00
Swissky
5094ef8b10 XXE in XLSX 2019-10-28 20:46:19 +01:00
Philippe Arteau
f2beb0dbbc
Add local DTD section to the XXE Injection page 2019-10-01 18:22:42 -04:00
Techbrunch
8822199f65
Add XXE payload inside SVG
Source: https://portswigger.net/web-security/xxe/lab-xxe-via-file-upload
2019-09-17 16:23:14 +02:00
Swissky
5455c30ec7 Juicy Potato + XXE update 2019-09-08 19:44:51 +02:00
Alexandre ZANNI
66c9d945b7
Update README.md 2019-08-06 17:28:47 +02:00
Swissky
9745e67465 HQL Injection + references update 2019-06-16 23:45:52 +02:00
Aj Dumanhug
fed4bdab90
Add XXE inside SVG 2019-03-24 03:27:12 +08:00
Alexandre ZANNI
333b9ea85e
add XXE OOB with Apache Karaf "hot deploy" (CVE-2018-11788) 2019-03-23 15:51:16 +01:00
Swissky
404afd1d71 Fix name's capitalization 2019-03-07 00:07:55 +01:00