Closed nahamsec closed 9 years ago
Quick response. Cool.
Cheers for notifying me on this - I didn't even know about XXE before so it's nice to learn something new!
I would have to add that this script was made only to be run by trusted users (as with any/most file-upload related scripts).
Good job on the quick fix :+1:! OWASP has really good resources for webapp security. We came across your script and figured it wouldn't hurt much to let you know there's a vulnerability there.
Hello, we have come across this script, and after an audit, we have confirmed that it's vulnerable to an XXE (https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing).