#Security# Top disclosed reports from HackerOne
🎯 XML External Entity (XXE) Injection Payload List
A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)
RevSuit is a flexible and powerful reverse connection platform designed for receiving connections from a target host during penetration testing.
An exquisite DNS & HTTP log server for verifying SSRF/XXE/RFI/RCE vulnerabilities
A list of useful payloads for Web Application Security and Pentest/CTF
Security Knowledge Structure (Security Knowledge Summary)
This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF ru...
This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.
Mole is a framework for identifying and exploiting out-of-band application vulnerabilities.
Go-sec-code is a project for learning Go vulnerability code.
BlindRef serves as the basis for an automated Blind-Based XXE Exploitation Framework