If you haven't heard about local DTDs in XXE yet, check it out here: https://github.com/GoSecure/dtd-finder/blob/698fd678f26395e1c7c097525f7182aecad0cd5f/list/xxe_payloads.md

Another cool trick with error-based XXE is to access a file starting with colon (:) to trigger a "no protocol" error.
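Both tricks above depend on the parser honouring a DOCTYPE, whether it points at a local DTD on disk or at an entity that produces a revealing error. The defensive counterpart, added here as an example (not code from the post or from the dtd-finder project), is a parser wrapper built on Python's standard-library expat bindings that rejects any document carrying a DOCTYPE before a single entity is resolved, and refuses external entity references as a second line of defence. The sample documents are constructed for the example; the DTD path in the second one is a placeholder.

```python
import xml.parsers.expat


class DoctypeNotAllowed(Exception):
    """Raised when untrusted XML carries a DOCTYPE/DTD, the prerequisite for XXE."""


def parse_untrusted_xml(data: bytes) -> dict:
    """Parse XML from an untrusted source with DTD processing disabled.

    Returns the element names in document order and the concatenated
    character data. Any DOCTYPE (internal subset, SYSTEM/PUBLIC external
    subset, or a reference to a local DTD) aborts the parse.
    """
    parser = xml.parsers.expat.ParserCreate()
    parser.buffer_text = True  # coalesce character data into single callbacks
    result = {"elements": [], "text": []}

    def start_doctype(doctype_name, system_id, public_id, has_internal_subset):
        # Fires at the '<!DOCTYPE' token, before any entity is declared or
        # expanded, so local-DTD and error-based XXE never get a chance.
        raise DoctypeNotAllowed(
            f"DOCTYPE {doctype_name!r} rejected (system_id={system_id!r})"
        )

    def external_entity_ref(context, base, system_id, public_id):
        # Belt and braces: returning 0 tells expat not to resolve the
        # external entity and to fail the parse with an error.
        return 0

    parser.StartDoctypeDeclHandler = start_doctype
    parser.ExternalEntityRefHandler = external_entity_ref
    parser.StartElementHandler = lambda name, attrs: result["elements"].append(name)
    parser.CharacterDataHandler = result["text"].append

    parser.Parse(data, True)
    return {"elements": result["elements"], "text": "".join(result["text"])}


def is_accepted(data: bytes) -> bool:
    """True if the document parses under the hardened settings, False if rejected."""
    try:
        parse_untrusted_xml(data)
        return True
    except (DoctypeNotAllowed, xml.parsers.expat.ExpatError):
        return False


# Constructed sample inputs (not real traffic):
SAFE_DOC = b"<?xml version='1.0'?><order><item>widget</item></order>"
LOCAL_DTD_DOC = (
    b"<?xml version='1.0'?>"
    b"<!DOCTYPE order SYSTEM 'file:///PLACEHOLDER/path/to/local.dtd'>"
    b"<order><item>widget</item></order>"
)
INTERNAL_SUBSET_DOC = (
    b"<?xml version='1.0'?>"
    b"<!DOCTYPE order [<!ENTITY greeting 'hello'>]>"
    b"<order>&greeting;</order>"
)


if __name__ == "__main__":
    print("plain document accepted:", is_accepted(SAFE_DOC))
    print("local DTD document accepted:", is_accepted(LOCAL_DTD_DOC))
    print("internal subset document accepted:", is_accepted(INTERNAL_SUBSET_DOC))
```

Rejecting the DOCTYPE outright is the same control that Java exposes as the `disallow-doctype-decl` feature and that defusedxml applies in Python; the downside is that legitimate documents with a harmless internal subset (the third sample) are rejected too, which is usually the right trade for data arriving from the network.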

#xxe #websec
