Making Blind XXE Quicker and Easier By Creating a Script to Exfiltrate Files
July 16, 2023, 4:21 p.m. | IppSec
IppSec www.youtube.com
01:00 - Going over XML Entity Injection, doing it manually and explaining what the payloads are
05:30 - Sponsor shoutout, showing Snyk scan the source code of this application and catch the XXE
06:30 - Patching the code, asking GitHub Copilot for a proper way to fix it; it recommends disabling the loading of XML entities from remote sources
09:55 - Making sure Snyk is happy with our code …