Last updated 1 year ago
Exploiting XXE using external entities to retrieve files
Exploiting XXE to perform SSRF attacks
Blind XXE with out-of-band interaction
Blind XXE with out-of-band interaction via XML parameter entities
Exploiting blind XXE to exfiltrate data using a malicious external DTD
Exploiting blind XXE to retrieve data via error messages
Exploiting XInclude to retrieve files
Exploiting XXE via image file upload
Exploiting XXE to retrieve data by repurposing a local DTD
