Making Blind XXE Quicker and Easier By Creating a Script to Exfiltrate Files
July 16, 2023, 4:21 p.m. | IppSec
IppSec www.youtube.com
01:00 - Going over XML Entity Injection, doing it manually and explaining what the payloads are
05:30 - Sponsor shoutout, showing Snyk scan the source code to this application and catching the XXE
06:30 - Patching the code, asking GitHub Copilot for a proper way to fix it and it recommends disabling loading XML Entity off remote sources
09:55 - Making sure Snyk is happy with our code …