Mohanraj R · binarysouljour.me · Dec 5, 2024
CVE-2024-46455 : XML eXternal Entity vulnerability in unstructured.io <= 0.14.2
Before proceeding I would like to give a shoutout to my awesome friend and colleague Mohit K who tagged along in this journey and played a pivotal role. Summary This blog is a result of the applied vulnerability research that we did against open-webui...
1 like · 420 reads · CVE

Ohekpeje Joel Odey · joelodey.hashnode.dev · Nov 8, 2024
Lab: Exploiting XXE to perform SSRF attacks
Lab Scenario: Our mission is to exploit XXE through a web application's "Check stock" feature, ultimately performing SSRF attacks to access sensitive information from a metadata endpoint. By intercepting and manipulating a POST request, we intend to ...
1 like · PortSwigger XML external entity (XXE) injection · xxe

Ohekpeje Joel Odey · joelodey.hashnode.dev · Apr 29, 2024
Lab: Exploiting XXE using external entities to retrieve files
Lab Scenario: Our mission is to exploit XXE through a web application's "Check stock" feature, specifically using external entities to retrieve files. By intercepting and manipulating a POST request, we intend to use XXE to trigger the retrieval of s...
8 likes · 36 reads · PortSwigger XML external entity (XXE) injection · xxe

Ohekpeje Joel Odey · joelodey.hashnode.dev · Apr 16, 2024
Lab: Exploiting XInclude to retrieve files
Lab Scenario: Our mission is to exploit XInclude through a web application's "Check stock" feature. By intercepting and manipulating a POST request, we intend to use XInclude to retrieve files from the server. Let's proceed with the solution: Interc...
6 likes · PortSwigger XML external entity (XXE) injection · xxe

Ohekpeje Joel Odey · joelodey.hashnode.dev · Jan 12, 2024
Lab: Exploiting XXE via image file upload
Lab Scenario: Our mission is to exploit XXE through an image file upload on a web application. By uploading a crafted SVG image, we intend to reveal the contents of a server file, in this case, /etc/hostname. Let's proceed with the solution: Craftin...
10 likes · 64 reads · PortSwigger XML external entity (XXE) injection · xxe

Cxnsxle · cxnsxle.hashnode.dev · Jul 19, 2023
XXE Vulnerability
What is XXE? XML external entity injection (XXE) is a web security vulnerability that allows us as attackers to interfere with an application's processing of XML data. It often allows us to view files on the application server filesystem, and to inte...
xml

Samuel Addison · samaddy.hashnode.dev · Mar 2, 2023
XXE Attack: A Guide to Understanding and Prevention
XML External Entity (XXE) Attack is a type of security vulnerability that can allow attackers to steal sensitive information or execute arbitrary code. It is a relatively old attack technique, but it is still relevant today, as it can be found in man...
xxe