Blind XXE attacks – Out of band interaction Techniques (OAST) to exfilterate data

The post covers various techniques by which sensitive data can be exfilterated using out of band interaction in XXE

April 24, 2021

Information Security / OWASP top 10 / Web application

XXE Simplified: The concept, Attacks and Mitigations

XXE remains amongst the one with a critical score on the severity perspective. Why? Being able to read server's sensitive files is where the victim can be fully compromised.

0 Comments

April 14, 2021

HackTheBox / Information Security / linux

Aragog Hackthebox walkthrough

Aragog is a medium level linux machine from hackthebox. Initial foothold is based on exploiting XXE and the privilege escalation requires to log the password by creating a backdoor.

92 Comments

July 21, 2020