xxe-injection

There are 3 repositories under xxe-injection topic.

• payloadbox / xxe-injection-payload-list

  🎯 XML External Entity (XXE) Injection Payload List

  xxexxe-injectionxxe-payloadsxxe-examplexmlwebsecuritywebsecurity-referenceinfosecbugbountybug-bountyweb-application-securitycybersecuritycyber-securityinformation-securityxml-entitypayloadxxe-payloadxxe-payload-listpayloadshacking
  1024

• TheTwitchy / xxer

  A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.

  xxe-injectioncallbackpython
  Language:Python 508

• whitel1st / docem

  A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)

  oxmlxss-injectionxxexxe-injectionbugbountyxss
  Language:Python 477

• YalcinYolalan / WSSAT

  WEB SERVICE SECURITY ASSESSMENT TOOL

  dynamic-testinginformation-disclosurerest-api-scannerrest-api-testscannersecurity-toolssoap-web-servicessqlinjectionstatic-analysisvulnerabilitiesweb-serviceweb-service-scannerweb-service-testxml-bombxssxxe-injection
  Language:C# 385
• Egyscan

  dragonked2 / Egyscan

  Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:

  cybersecurityscannervulnerability-scannerscommand-linecross-site-scriptinginjectionpythonrceremotesqlinjectionvulnerabilityvulnerability-detectionxsssql-injection-remote-code-execution-cross-siteremote-code-executionsql-injectioncommand-injectionlfissrfxxe-injection
  Language:Python 194

• HLOverflow / XXE-study

  This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF rules / Secure Configuration settings.

  external-entitiesjava-xxe-demophp-xxe-demopython-xxe-demoxml-entityxml-entity-expansionxxexxe-examplexxe-injectionxxe-labsxxe-study
  Language:PHP 94

• kljunowsky / XXElixir

  This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.

  bug-bounty-huntersbug-bounty-toolsbugbountypenetrationsecurityfile-uploadpenetration-testingpenetration-testing-toolsxxeowaspxxe-attackxxe-injectionfile-upload-vulnerabilityexploitwebhack
  Language:Python 62

• deanf1 / dotnet-security-unit-tests

  A web application that contains several unit tests for the purpose of .NET security

  securitydotnetxxe-injectionnhibernateinjectioncsharpmicrosoftowaspxpathxqueryxxe
  Language:C# 30

• samuel-knutson / dotnet-xxe-learning-tests

  Quick tests to evaluate the safety of various .NET XML Parsers with respect to XXE injection

  securityxxexxe-injectiondotnetdotnet-corecsharpxml
  Language:C# 8

• hannoch / python-xxe

  Python XXE 漏洞复现 flask作为后台

  python-xxexxe-injectionxxe-payloadsxxepythonflaskflask-application
  Language:CSS 7

• SVelizDonoso / xvwa

  XVWA es una aplicación Web mal Desarrollada en PHP / MySQL que ayuda a los entusiastas de la seguridad a aprender la seguridad de las aplicaciones WEB. No es recomendable alojar esta aplicación en línea, ya que está diseñada para ser "Extremadamente Vulnerable". Recomendamos alojar esta aplicación en un entorno local/controlado. El fin es que puedas agudizar tus habilidades de seguridad, ya que este proyecto es totalmente legal romperlo o piratearlo. La idea es evangelizar la seguridad de las aplicaciones web para la comunidad de la forma más fácil posible. Por favor Aprende y adquiere estas habilidades para un buen propósito.

  phpvulnerabilidadeshackinghackermysqlsqlinyectionxxe-injectionxsscsrf
  Language:JavaScript 7

• FrancescoDiSalesGithub / XXE-gen

  XXE vulnerability creator

  xxexxe-injectionxxe-payloadspentestingpentest-toolpython-hackingpython-hacking-toolspython3
  Language:Python 6

• shinmao / SecurityLearning

  For Web Security

  ssrfxsslfi-exploitationsql-injectionunserializationxxe-injectioncmd-injection-vulns
  Language:JavaScript 6

• devrohaan / kick-off-OWASP_WebApp_Security_Vulnerabilities

  Want to keep your Web application from getting hacked? Here's how to get serious about secure apps. So let's do it! Open Friday, Aug 2016 - Presentation Notes.

  owaspinjectionxss-vulnerabilitysql-injectionvulnerabilitiesxxe-injectionxxe-exampleos-injectionhtml-injectioncrlf-injectionowasp-top-10
  4

• LinuxUser255 / Web-Security-Academy-Series

  Exploit Code, notes, and resources to accompany PortSwiggers' WebAcademy Labs.

  authenticationburpsuitebusiness-logicclickjackingcommand-injectioncsrf-attacksexploitsfileuploadinformation-disclosurepentest-scriptspython3ssrf-toolwebappwebapphackingwebapppentestingxss-exploitationxxe-injectionportswigger-labsportswigger
  Language:Python 4

• no1se2 / WebSec-Toolkit-By-no1se

  A collection of security tools for pentersion testing

  sqlinjectionxssxss-attacksxss-detectionxss-exploitationxss-vulnerabilityxxexxe-attackxxe-injectionxxe-payloads
  Language:Python 4

• cyberintruder / XXE-POC

  XXE POC

  xxe-injectionpenetration-testing
  Language:PHP 3

• M3l0nPan / wordpress-cve-2021-29447

  Exploit WordPress Media Library XML External Entity Injection (XXE) to exfiltrate files.

  cve-2021-29447exploitpythonwordpressxxexxe-injection
  Language:Python 3

• TheWation / XXESandbox

  The PHP sandbox environment is a Docker-based tool for testing XML processing code, with XXE vulnerabilities demonstrated and security considerations explained.

  xxexxe-examplexxe-injection
  Language:PHP 3

• mrnazu / TryHackMe-CTF-s

  Capture the Flag (CTF) is a cybersecurity competition that is used as a test of security skills.

  bugbountyburpsuitecsrfidoropenredirectrcereconsqlinjectionwebhackingxss-vulnerabilityxxe-injectionctf-writeupstryhackme
  Language:Perl 2
• xxe-injection

  qeeqbox / xxe-injection

  A threat actor may interfere with an application's processing of extensible markup language (XML) data to view the content of a target's files

  metadatavisualizationxxexeexmlinjectionxxe-injectioninfosecsimplifiedqeeqboxvulnerability
  2

• anasbousselham / owlscan

  Web Vulnerability Scanner

  passive-scannerpocsecurity-auditsecurity-automationsecurity-toolssql-injectionssrfvulnerabilityvulnerability-detectionvulnerability-scannersxss-vulnerabilityxxe-injectionowasp
  1

• keven1z / ProtectAgent

  一个JAVA agent来防止XXE、s2-032等攻击

  xxexxe-injectionjavaagents2-032s2-037
  Language:Java 1

• markgacoka / injector

  A web app for injecting code into different file types.

  cybersecurityinjection-attacksxxe-injectionxss-injectionfile-uploadvulnerability-detection
  Language:CSS 1

• northfine / Easy-Ftpserver-By-Python

  ftpserver Tool

  xxe-injectionxxe-payloads
  Language:Python 1

• omurugur / Oracle_CTF_Web_XML_Entity_Exploit

  Oracle CTF Web XML Entity Exploit

  xmlxxexxe-injectionxxe-exampleexploitcveattackoracle
  1

• Subhashis360 / PayloadsAll

  403-bypassfuzzinglogfileopenredirectpayloadpayloadspaylodssqlinjectionssrfsstissti-payloadsxss-attacksxss-exploitationxsspayloadxxe-injectionxxe-payloadsauthbypssdirectrytravarsalphpinjection

• Wh1t3Fox / xxe.page

  XXE Testing Page

  securitysecurity-toolsxxexxe-examplexxe-injectionxxe-payloads
  Language:JavaScript