There are 3 repositories under the xxe-injection topic.
🎯 XML External Entity (XXE) Injection Payload List
A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.
WEB SERVICE SECURITY ASSESSMENT TOOL
Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:
This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF rules / Secure Configuration settings.
This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.
A web application that contains several unit tests for the purpose of .NET security
Quick tests to evaluate the safety of various .NET XML Parsers with respect to XXE injection
Python XXE vulnerability reproduction, with Flask as the backend
XVWA is a badly developed web application written in PHP / MySQL that helps security enthusiasts learn web application security. It is not advisable to host this application online, as it is designed to be "Extremely Vulnerable". We recommend hosting this application in a local/controlled environment. The aim is for you to sharpen your security skills, since it is entirely legal to break or hack this project. The idea is to evangelize web application security to the community in the easiest way possible. Please learn and acquire these skills for a good purpose.
XXE vulnerability creator
For Web Security
Exploit code, notes, and resources to accompany PortSwigger's WebAcademy Labs.
Want to keep your Web application from getting hacked? Here's how to get serious about secure apps. So let's do it! Open Friday, Aug 2016 - Presentation Notes.
A collection of security tools for penetration testing
Exploit WordPress Media Library XML External Entity Injection (XXE) to exfiltrate files.
The PHP sandbox environment is a Docker-based tool for testing XML processing code, with XXE vulnerabilities demonstrated and security considerations explained.
Capture the Flag (CTF) is a cybersecurity competition that is used as a test of security skills.
A threat actor may interfere with an application's processing of extensible markup language (XML) data to view the content of a target's files
Web Vulnerability Scanner
A web app for injecting code into different file types.
Oracle CTF Web XML Entity Exploit
A web crawler and vulnerability scanner tool developed by Rohit Ajariwal
Apache OFBiz 16.11.04 is susceptible to XML external entity injection (XXE injection)