Commit Graph

47 Commits

Author SHA1 Message Date
Swissky
497fbe925b Archive external reference links via Wayback Machine
Replace direct URLs in Markdown references with their
web.archive.org equivalents to prevent link rot.
2026-03-09 13:02:28 +01:00
Swissky
ca50df2336 Fix markdown linting 2025-11-15 17:36:38 +01:00
piranha
aa85b80ace correction of xxe ssrf payload
remove the % from the payload as it's not a parametrized entity
2025-09-09 19:16:45 +01:00
hacker
04d498aa3f XXE - Fix typo 2025-03-17 17:02:00 +01:00
Mohsen Barzegar
ad13a3c9e0 Add missing -r flag for xxe excel file rebuilding with zip command
-r flag is needed to include sub directories in the final archive
2025-02-16 12:56:20 +03:30
Swissky
32d9f7550d XPATH + XSS + XXE + XSLT 2024-11-30 21:14:51 +01:00
Swissky
98cfc9ce8c XXE Error Based Local DTD 2024-11-18 12:41:35 +01:00
Swissky
846706b87d XXE on JSON Endpoints 2024-11-18 10:43:39 +01:00
Swissky
0a5ecc407c Normalize page header for Web Socket, XSLT, XSS, XXE 2024-11-10 21:15:44 +01:00
Swissky
37641d2b9e References updated for XPATH, XSLT, XXE, Web Socket 2024-11-07 23:50:30 +01:00
Swissky
9866fef5b4 Bypass CSP, technique from #715 2024-11-02 12:26:45 +01:00
Alexandre ZANNI
6cbf58e5b0 XXE in docx/xlsx: important warning on recompression 2024-10-28 16:18:35 +01:00
Swissky
d5a6811193 Fix typos 2024-09-16 18:05:54 +02:00
Swissky
67adf75bc2 CSP updates + Indirect Prompt Injection 2024-05-29 15:32:58 +02:00
Swissky
87e6f55e16 Error Based XXE - Local DTD 2023-07-18 18:23:34 +02:00
Alexandre ZANNI
3e8a39a87d xxe - go secure workshop 2023-06-08 10:14:35 +02:00
Alexandre ZANNI
563a1b2a1d add XXE in Java 2023-01-19 10:23:56 +01:00
Swissky
514ac98dac SSRF + XSS details + XXE BOM 2022-12-13 22:29:20 +01:00
Swissky
fe41254fde XSS Public Example + PHP Filter RCE 2022-10-24 12:05:39 +02:00
Swissky
643374e1d7 Add reference 2022-10-05 10:20:05 +02:00
gdraperi
2d03a74555 Update README.md
Adding payloads for Citrix and Cisco
2022-10-05 10:06:21 +02:00
Quentin Ligier
6bbdc85aa2 XXE: Improve the documentation
- Add two references: "OWASP XXE prevention cheat sheet" and "XXE: How to become a Jedi"
- Describe the Parameters Laugh attack
- Expand the WAF bypass method with UTF-7
- Update the summary
2022-10-03 17:14:22 +02:00
Deep Dhakate
a670a26eea Update 2022-10-02 06:13:01 +00:00
Markus
46aabc8c8c Update XXE Injection
Slight QOL improvements for the recent changes of the chapter `XXE inside XLSX file`
2021-10-18 10:13:30 +02:00
Alexandre ZANNI
d19b843111 XXE: OOB via FTP + remote DTD for XSLX files
better than the HTTP method, most robust approach, easier zip repackaging
2021-10-17 18:00:00 +02:00
gregxsunday
43a9a5d235 improved XXE SVG payloads to be valid XMLs 2021-04-24 14:45:45 +02:00
Swissky
f6b9d63bf8 DCOM exploitation and MSSQL CLR 2021-03-24 22:26:23 +01:00
Jonathan Leitschuh
92667a12a4 Add XXE via DTD file 2021-01-25 11:50:47 -05:00
Alexandre ZANNI
7733d4495e add another example of XXE in XLSX 2020-12-08 09:50:30 +01:00
ムハンマド
eb75a7e304 XXE WAF Bypass Added 2020-12-04 05:16:37 +03:00
Vincent Gilles
0b90094002 Fix(Docs): Correcting typos on the repo 2020-10-17 22:52:35 +02:00
laxa
b4d9ee0634 Fix typos 2020-09-03 13:57:46 +02:00
bsysop
93f321879f Typo in Excel extension name 2020-08-11 21:35:36 -03:00
Alexandre ZANNI
7aef550c39 XXE ref. refactor
- Add new refs
- Format title with date, author, etc.
- Remove dead hosts:
  - agrawalsmart7.com
  - esoln.net
2020-06-22 15:53:07 +02:00
Swissky
ac0239d332 Merge pull request #128 from noraj/patch-1
XXE: add XXE via SVG rasterization
2019-12-02 22:38:08 +01:00
Alexandre ZANNI
e3604c01d7 XXE: tools description + more tools 2019-11-04 01:58:15 +01:00
Alexandre ZANNI
83f46a22e3 add XXE via SVG rasterization 2019-11-02 00:54:48 +01:00
Alexandre ZANNI
52119907f6 add XXEinjector 2019-10-29 00:41:04 +01:00
Swissky
5094ef8b10 XXE in XLSX 2019-10-28 20:46:19 +01:00
Philippe Arteau
f2beb0dbbc Add local DTD section to the XXE Injection page 2019-10-01 18:22:42 -04:00
Techbrunch
8822199f65 Add XXE payload inside SVG
Source: https://portswigger.net/web-security/xxe/lab-xxe-via-file-upload
2019-09-17 16:23:14 +02:00
Swissky
5455c30ec7 Juicy Potato + XXE update 2019-09-08 19:44:51 +02:00
Alexandre ZANNI
66c9d945b7 Update README.md 2019-08-06 17:28:47 +02:00
Swissky
9745e67465 HQL Injection + references update 2019-06-16 23:45:52 +02:00
Aj Dumanhug
fed4bdab90 Add XXE inside SVG 2019-03-24 03:27:12 +08:00
Alexandre ZANNI
333b9ea85e add XXE OOB with Apache Karaf "hot deploy" (CVE-2018-11788) 2019-03-23 15:51:16 +01:00
Swissky
404afd1d71 Fix name's capitalization 2019-03-07 00:07:55 +01:00