Exploiting XXE Vulnerabilities In File Parsing Functionality – DigitalMunition




Videos Exploiting XXE Vulnerabilities In File Parsing Functionality

Published on December 30th, 2015 📆 | 4113 Views ⚑

0

Exploiting XXE Vulnerabilities In File Parsing Functionality



by Willis Vandevanter

In this 25-minute briefing, we will discuss techniques for exploiting XXE vulnerabilities in File Parsing/Upload functionality. Specifically, XML Entity Attacks are well known, but their exploitation inside XML supported file formats such as docx, xlsx, pptx, and others are not. Discussing the technically relevant points step by step, we will use real world examples from products and recent bug bounties. Finally, in our experience, creating ‘XXE backdoored’ files can be a very slow process. We will introduce our battle tested tool for infecting the file formats discussed.


2015-12-30 04:37:34

source

Download WordPress Themes Free
Download Best WordPress Themes Free Download
Download Premium WordPress Themes Free
Download Nulled WordPress Themes
udemy paid course free download

Tagged with:



Leave a Reply ✍


loading...