Feed
Discussions

xxe

xxe

#xxe

2 followers·8 articles

xxe

#xxe·2 followers·8 articles

xxe

Changelog

New steps component and improved accessibility on Hashnode's blog and docs product.

Nov 05, 2024·

new

Trending Articles

STON.fi & Symbiosis: The Future of Cross-Chain DeFi

IKOABASI UWEM UMOANWAN·55 reads

🚀 STON.fi x Symbiosis: Swapping Just Got a Whole Lot Easier!

VANCE 💎·40 reads

STON.fi x TapSwap: A Game-Changer for DeFi Traders

IKOABASI UWEM UMOANWAN·28 reads

Top commenters this week

Writing Challenges

#2Articles1Week Challenge

Become better at technical writing; accept Hashnode's writing challenge for four weeks.

#2Articles1Week Challenge

#WomenWhoTech

Share your story, achievements, or experiences as a woman, non-binary folk in tech or as a #WomenWhoTech ally!

#WomenWhoTech

Self Starter

Publish your first article on Hashnode and become a self starter!

Self Starter

Serial Blogger

Publish an article every day for 7 days and earn a cool serial blogger badge!

Serial Blogger

Talk of the town

Write a story that drives amazing engagement on Hashnode and become the talk of the town!

Talk of the town

Word Warrior

Write an in-depth article on your Hashnode blog that's more than 2000 words and become a word warrior!

Word Warrior

Shreyash Shukla

Shreyash Shukla

Vinayak Mishra

Ugochukwu Ifeanyi

Ugochukwu Ifeanyi

max

Poonam Thakur

J3bitok

jebitok.hashnode.dev·Jan 11, 2025

Jan 11, 2025

The Advent of Cyber: Day 5: XXE - SOC-mas XX-what-ee? (TryHackMe)

In this article, we’ll cover the XXE - SOC-mas XX-what-ee? write-up as the Day 5 challenge of the Advent of Cyber event challenge. It was interesting to navigate Web Security for an e-commerce gifting site using PortSwigger’s XML external entity (XXE...

The Advent of Cyber: Day 5: XXE - SOC-mas XX-what-ee? (TryHackMe)

Discuss·3 reads

Mohanraj R

binarysouljour.me·Dec 05, 2024

Dec 05, 2024

CVE-2024-46455 : XML eXternal Entity vulnerability in unstructured.io <= 0.14.2

Before proceeding I would like to give a shoutout to my awesome friend and colleagueMohit Kwho tagged along in this journey and played a pivotal role. Summary This blog is a result of the applied vulnerability research that we did against open-webui...

CVE-2024-46455 : XML eXternal Entity vulnerability in unstructured.io <= 0.14.2

Discuss·1 like·483 reads

Ohekpeje Joel Odey

Ohekpeje Joel Odey

joelodey.hashnode.dev·Nov 08, 2024

Nov 08, 2024

Lab: Exploiting XXE to perform SSRF attacks

Lab Scenario: Our mission is to exploit XXE through a web application's "Check stock" feature, ultimately performing SSRF attacks to access sensitive information from a metadata endpoint. By intercepting and manipulating a POST request, we intend to ...

Lab: Exploiting XXE to perform SSRF attacks

Discuss·1 like·9 reads

PortSwigger XML external entity (XXE) injection

Ohekpeje Joel Odey

Ohekpeje Joel Odey

joelodey.hashnode.dev·Apr 29, 2024

Apr 29, 2024

Lab: Exploiting XXE using external entities to retrieve files

Lab Scenario: Our mission is to exploit XXE through a web application's "Check stock" feature, specifically using external entities to retrieve files. By intercepting and manipulating a POST request, we intend to use XXE to trigger the retrieval of s...

Lab: Exploiting XXE using external entities to retrieve files

Discuss·8 likes·36 reads

PortSwigger XML external entity (XXE) injection

Ohekpeje Joel Odey

Ohekpeje Joel Odey

joelodey.hashnode.dev·Apr 16, 2024

Apr 16, 2024

Lab: Exploiting XInclude to retrieve files

Lab Scenario: Our mission is to exploit XInclude through a web application's "Check stock" feature. By intercepting and manipulating a POST request, we intend to use XInclude to retrieve files from the server. Let's proceed with the solution: Interc...

Lab: Exploiting XInclude to retrieve files

Discuss·6 likes·13 reads

PortSwigger XML external entity (XXE) injection

Ohekpeje Joel Odey

Ohekpeje Joel Odey

joelodey.hashnode.dev·Jan 12, 2024

Jan 12, 2024

Lab: Exploiting XXE via image file upload

Lab Scenario: Our mission is to exploit XXE through an image file upload on a web application. By uploading a crafted SVG image, we intend to reveal the contents of a server file, in this case, /etc/hostname. Let's proceed with the solution: Craftin...

Lab: Exploiting XXE via image file upload

Discuss·10 likes·68 reads

PortSwigger XML external entity (XXE) injection

Cxnsxle

cxnsxle.hashnode.dev·Jul 19, 2023

Jul 19, 2023

XXE Vulnerability

What is XXE? XML external entity injection (XXE) is a web security vulnerability that allows us as attackers to interfere with an application's processing of XML data. It often allows us to view files on the application server filesystem, and to inte...

XXE Vulnerability

Discuss·16 reads

Samuel Addison

samaddy.hashnode.dev·Mar 02, 2023

Mar 02, 2023

XXE Attack: A Guide to Understanding and Prevention

XML External Entity (XXE) Attack is a type of security vulnerability that can allow attackers to steal sensitive information or execute arbitrary code. It is a relatively old attack technique, but it is still relevant today, as it can be found in man...

Discuss·15 reads