xxe

Here are 34 public repositories matching this topic...

blaCCkHatHacEEkr / PENTESTING-BIBLE

Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .Learn Ethical Hacking and penetration testing .hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources.

Updated Sep 20, 2020

JoyChou93 / java-sec-code

Star

Java web common vulnerabilities and security code which is base on springboot and spring security

java cors security benchmark web code tomcat jsonp rmi rce deserialize sqli ssrf xxe spel

Updated Aug 18, 2020
Java

reddelexc / hackerone-reports

Star

Top disclosed reports from HackerOne

xss rce reports sql-injection csrf writeups bugbounty ssrf hackerone xxe idor

Updated Sep 28, 2020
Python

payloadbox / xxe-injection-payload-list

Star

🎯 XML External Entity (XXE) Injection Payload List

Updated Jan 6, 2020

zer0yu / Berserker

Star

A list of useful payloads for Web Application Security and Pentest/CTF

scanner xss web-application sqli fuzzing ctf pentest intruder xxe

Updated Sep 11, 2020
HTML

JoyChou93 / sks

Star

Security Knowledge Structure(安全知识汇总)

python java php security waf deserialize webshell nginx-lua xxe

Updated Oct 12, 2018

luisfontes19 / xxexploiter

Star

Tool to help exploit XXE vulnerabilities

cdata exploit command xml read file entities external exploitation expect dtd xee ssrf xxe oob exection

Updated Jul 22, 2020
TypeScript

giteshnxtlvl / YourNextBugTip

Star

Collection of Twitter Bug Bounty Tips and Tricks

security twitter bug hacking xss enumeration vulnerability csrf bugbounty pentest bypass ssrf sqlinjection xxe bugbountytips bugbountytricks twitter-tips hacking-tips yournextbugtip

Updated Sep 23, 2020

k8gege / ZimbraExploit

Star

Zimbra邮件系统漏洞 XXE/RCE/SSRF/Upload GetShell Exploit 1. (CVE-2019-9621 Zimbra<8.8.11 XXE GetShell Exploit)

exploit upload poc rce zimbra ssrf 0day xxe getshell k8cscan cve-2019-9621

Updated May 8, 2019
Ruby

chennqqi / godnslog

Star

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

xss rce vulnerability ssrf rfi xxe dnslog webscan

Updated Sep 4, 2020
Go

ptonewreckin / BlindRef

Star

BlindRef serves as the basis for an automated Blind-Based XXE Exploitation Framework

python blind-xxe xxe

Updated Mar 14, 2017
Python

deanf1 / dotnet-security-unit-tests

Star

A web application that contains several unit tests for the purpose of .NET security

microsoft security csharp dotnet injection owasp xpath xquery nhibernate xxe xxe-injection

Updated Oct 5, 2017
C#

OlivierLaflamme / Auditing-Vulnerabilities

Star

In this repository I'll host my research and methodologies for auditing vulnerabilities

http waf csrf crlf ssrf xxe smuggling auditing-vulnerabilities

Updated Jan 7, 2020
PHP

kmille / pentest-wiki

Star

pwnig all the (web)things

php web reverse-shell xss code-review sql-injection ld-preload xxe file-inclusion template-injection file-uplaod

Updated Apr 20, 2020
PHP

jamieparfet / Apache-OFBiz-XXE

Star

XXE injection (file disclosure) exploit for Apache OFBiz < 16.11.04

exploit apache xxe ofbiz cve-2018-8033

Updated Oct 16, 2018
Python

ztgrace / mole

Star

Mole is a framework for identifying and exploiting out-of-band application vulnerabilities.

python xss penetration-testing infosec appsec security-tools burp-extensions xxe oob

Updated Aug 6, 2020
Python

h0nus / MyPayloads

Star

Just a useless set of payload created by me. Saved here for remembrance.

list web custom xss rce sqli vulnerabilities payload lfi rfi own xxe

Updated Sep 13, 2020

FOGSEC / awesome-web-security

Star

🐶 A curated list of Web Security materials and resources.

shell aws csv sql orm ftp css-animations web-app xss web-application recon modsecurity ssrf web-application-security xxe command-injection sub-domain-enumeration header-injection

Updated Jan 2, 2018

AhmedAyman1196 / AymanSecNotes

Star

This repository contains all my notes. Feel free to use them, share them or modify them.

Updated Aug 31, 2020

HLOverflow / XXE-study

Star

This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF rules / Secure Configuration settings.

xxe xxe-injection php-xxe-demo python-xxe-demo java-xxe-demo xxe-example xml-entity xml-entity-expansion xxe-labs xxe-study external-entities

Updated Jun 22, 2020
PHP

ziizhuwy / XXEDemo

Star

收集了java XXE漏洞的demo及修复方式

xxe

Updated Mar 26, 2020
Java

mprechtl / information-leakage

Star

A service which is vulnerable to XML External Entity (XXE) attacks.

javaee resteasy server-status xxe xxe-example information-leakage

Updated Nov 11, 2018
Java

hannoch / python-xxe

Star

Python XXE 漏洞复现 flask作为后台

python flask flask-application xxe xxe-injection xxe-payloads python-xxe

Updated Jul 11, 2020
CSS

FOGSEC / Mobile-Security-Framework-MobSF

Star

Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.

Updated Jan 2, 2018
Python

ziizhuwy / ProtectAgent

Star

一个JAVA agent来防止XXE、s2-032等攻击

java agent xxe xxe-injection s2-032 s2-037

Updated Apr 21, 2020
Java

samuel-knutson / dotnet-xxe-learning-tests

Star

Quick tests to evaluate the safety of various .NET XML Parsers with respect to XXE injection

security csharp dotnet xml dotnet-core xxe xxe-injection

Updated Apr 8, 2020
C#

mrpinghe / xxe-file-enum

Star

Enumerate and exfiltrate files via out of band XXE, for situations where resolved entity is not displayed in the response, and directory listing is not available.

file enumeration pentest exfiltration xxe