There are 6 repositories under xxe topic.
Top disclosed reports from HackerOne
Common Java web vulnerabilities and security code, based on springboot and spring security
🎯 XML External Entity (XXE) Injection Payload List
List DTDs and generate XXE payloads using those local DTDs.
Tool to help exploit XXE vulnerabilities
This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF rules / Secure Configuration settings.
Zimbra mail system vulnerabilities: XXE/RCE/SSRF/Upload GetShell Exploit 1. (CVE-2019-9621 Zimbra<8.8.11 XXE GetShell Exploit)
This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.
Go-sec-code is a project for learning Go vulnerability code.
A web application that contains several unit tests for the purpose of .NET security
In this repository I'll host my research and methodologies for auditing vulnerabilities
A cheatsheet for exploiting server-side SVG rasterization.
BlindRef serves as the basis for an automated Blind-Based XXE Exploitation Framework
pwning all the (web)things
XXE injection (file disclosure) exploit for Apache OFBiz < 16.11.04
This repository contains all my notes. Feel free to use them, share them or modify them.
XML External Entity Vulnerability Payload List
Quick tests to evaluate the safety of various .NET XML Parsers with respect to XXE injection
Python XXE vulnerability reproduction, with flask as the backend
🐶 A curated list of Web Security materials and resources.
XXE vulnerability creator
A collection of security tools for penetration testing
A sensible no bullshit repo of summaries of reports on hackerone, bugcrowd and alike, that makes straight up sense and makes it easy to repeat and automate. This is supposed to serve as my personal reference, but should be a good public index reference for the like-minded.
Exploit WordPress Media Library XML External Entity Injection (XXE) to exfiltrate files.
A service which is vulnerable to XML External Entity (XXE) attacks.
The PHP sandbox environment is a Docker-based tool for testing XML processing code, with XXE vulnerabilities demonstrated and security considerations explained.