Videos Exploiting XXE Vulnerabilities In File Parsing Functionality

Published on December 30th, 2015 📆 | 1914 Views ⚑

0

Exploiting XXE Vulnerabilities In File Parsing Functionality



by Willis Vandevanter

In this 25-minute briefing, we will discuss techniques for exploiting XXE vulnerabilities in File Parsing/Upload functionality. Specifically, XML Entity Attacks are well known, but their exploitation inside XML supported file formats such as docx, xlsx, pptx, and others are not. Discussing the technically relevant points step by step, we will use real world examples from products and recent bug bounties. Finally, in our experience, creating ‘XXE backdoored’ files can be a very slow process. We will introduce our battle tested tool for infecting the file formats discussed.


2015-12-30 04:37:34

source

Download WordPress Themes
Free Download WordPress Themes
Download WordPress Themes Free
Download WordPress Themes
free download udemy paid course

Tagged with:



Leave a Reply ✍


loading...