mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-04-28 01:15:21 +02:00
Commit Graph

33 Commits

Author SHA1 Message Date
Swissky 87e6f55e16 Error Based XXE - Local DTD 2023-07-18 18:23:34 +02:00
Alexandre ZANNI 3e8a39a87d
xxe - go secure workshop 2023-06-08 10:14:35 +02:00
Alexandre ZANNI 563a1b2a1d
add XXE in Java 2023-01-19 10:23:56 +01:00
Swissky 514ac98dac SSRF + XSS details + XXE BOM 2022-12-13 22:29:20 +01:00
Swissky fe41254fde XXS Public Example + PHP Filter RCE 2022-10-24 12:05:39 +02:00
Swissky 643374e1d7
Add reference 2022-10-05 10:20:05 +02:00
gdraperi 2d03a74555
Update README.md
Adding payloads for Citrix and Cisco
2022-10-05 10:06:21 +02:00
Quentin Ligier 6bbdc85aa2
XXE: Improve the documentation
- Add two references: "OWASP XXE prevention cheat sheet" and "XXE: How to become a Jedi"
- Describe the Parameters Laugh attack
- Expand the WAF bypass method with UTF-7
- Update the summary
2022-10-03 17:14:22 +02:00
Deep Dhakate a670a26eea Update 2022-10-02 06:13:01 +00:00
Markus 46aabc8c8c
Update XXE Injection
Slight QOL improvements for the recent changes of the chapter `XXE inside XLSX file`
2021-10-18 10:13:30 +02:00
Alexandre ZANNI d19b843111
XXE: OOB via FTP + remote DTD for XSLX files
better than the HTTP method, must robust approach, easier zip repackaging
2021-10-17 18:00:00 +02:00
gregxsunday 43a9a5d235 improved XXE SVG payloads to be valid XMLs 2021-04-24 14:45:45 +02:00
Swissky f6b9d63bf8 DCOM exploitation and MSSQL CLR 2021-03-24 22:26:23 +01:00
Jonathan Leitschuh 92667a12a4
Add XXE via DTD file 2021-01-25 11:50:47 -05:00
Alexandre ZANNI 7733d4495e
add another example of XXE in XLSX 2020-12-08 09:50:30 +01:00
ムハンマド eb75a7e304
XXE WAF Bypass Added 2020-12-04 05:16:37 +03:00
Vincent Gilles 0b90094002 Fix(Docs): Correcting typos on the repo 2020-10-17 22:52:35 +02:00
laxa b4d9ee0634 Fix typos 2020-09-03 13:57:46 +02:00
bsysop 93f321879f
Typo in Excel extension name 2020-08-11 21:35:36 -03:00
Alexandre ZANNI 7aef550c39
XXE ref. refactor
- Add new refs
- Format title with date, author, etc.
- Remove dead hosts:
  - agrawalsmart7.com
  - esoln.net
2020-06-22 15:53:07 +02:00
Swissky ac0239d332
Merge pull request #128 from noraj/patch-1
XXE: add XXE via SVG rasterization
2019-12-02 22:38:08 +01:00
Alexandre ZANNI e3604c01d7
XXE: tools description + more tools 2019-11-04 01:58:15 +01:00
Alexandre ZANNI 83f46a22e3
add XXE via SVG rasterization 2019-11-02 00:54:48 +01:00
Alexandre ZANNI 52119907f6
add XXEinjector 2019-10-29 00:41:04 +01:00
Swissky 5094ef8b10 XXE in XLSX 2019-10-28 20:46:19 +01:00
Philippe Arteau f2beb0dbbc
Add local DTD section to the XXE Injection page 2019-10-01 18:22:42 -04:00
Techbrunch 8822199f65
Add XXE payload inside SVG
Source: https://portswigger.net/web-security/xxe/lab-xxe-via-file-upload
2019-09-17 16:23:14 +02:00
Swissky 5455c30ec7 Juicy Potato + XXE update 2019-09-08 19:44:51 +02:00
Alexandre ZANNI 66c9d945b7
Update README.md 2019-08-06 17:28:47 +02:00
Swissky 9745e67465 HQL Injection + references update 2019-06-16 23:45:52 +02:00
Aj Dumanhug fed4bdab90
Add XXE inside SVG 2019-03-24 03:27:12 +08:00
Alexandre ZANNI 333b9ea85e
add XXE OOB with Apache Karaf "hot deploy" (CVE-2018-11788) 2019-03-23 15:51:16 +01:00
Swissky 404afd1d71 Fix name's capitalization 2019-03-07 00:07:55 +01:00