Making Blind XXE Quicker and Easier By Creating a Script to Exfiltrate Files

00:00 - Introduction, why I created this script and a quick demo
01:00 - Going over XML Entity Injection, doing it manually and explaining what the payloads are
05:30 - Sponsor shoutout, showing Snyk scan the source code to this application and catching the XXE
06:30 - Patching the code, asking Github Copilot for a proper way to fix it and it recommends disabling loading XML Entity off remote sources
09:55 - Making sure Snyk is happy with our code …

application code demo doing easier files injection introduction making scan script snyk source code xml xml entity injection xxe