Open github-actions[bot] opened 8 hours ago
Posted by Andrey Stoykov on Nov 21
# Exploit Title: XXE OOB - fronsetiav1.1
# Date: 11/2024
# Exploit Author: Andrey Stoykov
# Version: 1.1
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2024/11/friday-fun-pentest-series-15-oob-xxe.html
XXE OOB
Description:
- It was found that the application was vulnerable XXE (XML External Entity
Injection)
Steps to Reproduce:
1. Add Python3 server to serve malicious XXE payload
2. Add a file on the file system to be read...
https://seclists.org/fulldisclosure/2024/Nov/9
Posted by Andrey Stoykov on Nov 21
# Exploit Title: XXE OOB - fronsetiav1.1
# Date: 11/2024
# Exploit Author: Andrey Stoykov
# Version: 1.1
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2024/11/friday-fun-pentest-series-15-oob-xxe.html
XXE OOB
Description:
- It was found that the application was vulnerable XXE (XML External Entity
Injection)
Steps to Reproduce:
1. Add Python3 server to serve malicious XXE payload
2. Add a file on the file system to be read...
https://seclists.org/fulldisclosure/2024/Nov/9