MAL-006: XML External Entity in "Try It" in WSO2 ESB

MAL-007: XML External Entity via Local Registry Entries in WSO2 ESB

Top disclosed reports from HackerOne

Exer is a vuln scanner for specific string

This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF rules / Secure Configuration settings.

CVE-2019-14678: XML External Entity in SAS XML Mapper

收集了java XXE漏洞的demo及修复方式

《Web安全教程之XXE漏洞》XML External Entity Injection.

List DTDs and generate XXE payloads using those local DTDs.

WSO2-2020-0731: XXE and XSS vulnerabilities in WSO2 Carbon

CVE-2021-46365: Unsafe XML Parsing in Magnolia CMS

Java web common vulnerabilities and security code which is base on springboot and spring security

A threat actor may interfere with an application's processing of extensible markup language (XML) data to view the content of a target's files

A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)

Blind XXE Xtractor is a script created for educational purpose to test Blind XXE vulnerabilities in controlled environments, which has support for local and remote websites with XML requests.

This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.

A sensible no bullshit repo of summaries of reports on hackerone, bugcrowd and alike, that makes straight up sense and make it easy to repeat and automate. This is supposed to serve as my personal reference, but should be a good public index reference for like minded.

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

This project is demonstration of finding and exploiting common web based vulnerabilities like SQL Injection, XSS, Command Injection, Insecure File Upload and more. This project will also contain creating your own home lab with vulnerabilities to exploit using kali linux.

Kirby < 3.9.6 XML External Entity exploit