Post category - xxe
Summary: Many web and mobile applications rely on web services communication for client-server interaction. Most common data formats for web services are XML,
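Summary: Before getting into the post, I want to say that this article does not cover any new XXE attack techniques; it is just a case I came across that I wanted to share. A short summary is important: Found an XXE vulnerability with no knowledge of the back end; it returned no data or files, which makes it a blind XXE. Used the blind XXE for error-based port scanning. External interaction succeeded. Fully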
Summary: https://blog.netspi.com/ XML External Entity (XXE) injection attacks are a simple way to extract files from a remote server via web requests. For easy
Summary: Before getting into the post, this isn’t anything brand new or leet in the area of XML External Entity (XXE) attacks, it is purely something I came ac
Summary: From: https://www.gracefulsecurity.com/xml-external-entity-injection-xxe-vulnerabilities/ Here’s a quick write-up on XXE, starting with how to detect t
Summary: This isn’t anything new however has been a long time in writing as I’ve been playing around with things! It is more my take on how to do these types o
Summary: Reposted from: https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/ This little technique can force your blind XXE to output anything you want! Why do we