Practical Exploitation of XXE (CVE-2018-8033) and Mitigating in Apache OFBiz
March 15, 2024, 12:54 p.m. | Sandeep Vishwakarma
InfoSec Write-ups - Medium infosecwriteups.com
Introduction
Security remains a top priority for web applications. XXE (XML External Entity) injection vulnerabilities pose a significant threat, enabling attackers to steal sensitive information or disrupt functionality. This blog post examines CVE-2018-8033, an XXE vulnerability affecting Apache OFBiz versions before 16.11.04 that could be exploited for file disclosure. We'll explore XXE and how to mitigate this specific risk.
What is XXE?
XXE vulnerabilities arise when an XML parser processes external entities within an XML document. …