GitHub topics: xxe
payloadbox/xxe-injection-payload-list
🎯 XML External Entity (XXE) Injection Payload List
Size: 77.1 KB - Last synced at: 2 days ago - Pushed at: 11 months ago - Stars: 1,181 - Forks: 320

areebasaghir311/test-dotnet
A reusable workflow for running tests for .NET projects.
Size: 7.81 KB - Last synced at: 5 days ago - Pushed at: 5 days ago - Stars: 0 - Forks: 0

chennqqi/godnslog
An exquisite DNS & HTTP log server for verifying SSRF/XXE/RFI/RCE vulnerabilities
Language: Go - Size: 833 KB - Last synced at: 5 days ago - Pushed at: over 1 year ago - Stars: 471 - Forks: 75

0xricksanchez/upfuzz
The Ultimate File Upload Bypass Generator
Language: Python - Size: 1.51 MB - Last synced at: 15 days ago - Pushed at: 15 days ago - Stars: 3 - Forks: 0

dev/xxe-payload-generator
Language: Python - Size: 3.91 KB - Last synced at: 10 days ago - Pushed at: 6 months ago - Stars: 1 - Forks: 1

reddelexc/hackerone-reports
Top disclosed reports from HackerOne
Language: Python - Size: 9.25 MB - Last synced at: 16 days ago - Pushed at: about 2 months ago - Stars: 4,534 - Forks: 825

zer0yu/Berserker
A list of useful payloads for Web Application Security and Pentest/CTF
Language: Python - Size: 236 MB - Last synced at: 11 days ago - Pushed at: 10 months ago - Stars: 303 - Forks: 57

GoSecure/dtd-finder
List DTDs and generate XXE payloads using those local DTDs.
Language: Kotlin - Size: 1.96 MB - Last synced at: 13 days ago - Pushed at: over 1 year ago - Stars: 629 - Forks: 110

JoyChou93/java-sec-code
Common Java web vulnerabilities and security code, based on Spring Boot and Spring Security
Language: Java - Size: 457 KB - Last synced at: 16 days ago - Pushed at: 6 months ago - Stars: 2,513 - Forks: 679

KIRAN-KUMAR-K3/vulnerability-payload-lists
A curated repository of categorized payloads for testing and exploiting common web vulnerabilities in ethical hacking and penetration testing.
Size: 91.8 KB - Last synced at: 23 days ago - Pushed at: 23 days ago - Stars: 0 - Forks: 0

ASTTeam/XXE
"Web Security Tutorial: XXE Vulnerabilities". XML External Entity Injection.
Size: 6.84 KB - Last synced at: 3 days ago - Pushed at: over 1 year ago - Stars: 11 - Forks: 0

Ishanoshada/XXE
A comprehensive Python package for XML External Entity (XXE) security testing and analysis. This package provides tools for security researchers and ethical hackers to identify and analyze XXE vulnerabilities in XML processing systems.
Language: Python - Size: 13.7 KB - Last synced at: 21 days ago - Pushed at: 4 months ago - Stars: 1 - Forks: 0

rohitajariwal/web-app-security-scanner
A web crawler and vulnerability scanner tool developed by Rohit Ajariwal
Language: Python - Size: 32.2 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 1 - Forks: 1

JoyChou93/sks
Security Knowledge Structure (a summary of security knowledge)
Size: 12.7 KB - Last synced at: 26 days ago - Pushed at: over 6 years ago - Stars: 242 - Forks: 59

whitel1st/docem
A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)
Language: Python - Size: 616 KB - Last synced at: 2 months ago - Pushed at: over 1 year ago - Stars: 597 - Forks: 96

luisfontes19/xxexploiter
Tool to help exploit XXE vulnerabilities
Language: TypeScript - Size: 1.32 MB - Last synced at: 2 months ago - Pushed at: over 2 years ago - Stars: 556 - Forks: 69

Ngoakorataba/DNSLog
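DNSLog Dashboard is a Rust-based DNS logging platform that integrates a DNS service and a web dashboard, mainly used to capture and record DNS query logs. The project supports automatic user registration, unique subdomain generation and real-time display of DNS logs, and is suited to scenarios such as security testing, data exfiltration and vulnerability verification.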
Language: Rust - Size: 9.77 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 0 - Forks: 0

k8gege/ZimbraExploit
Zimbra mail system vulnerabilities: XXE/RCE/SSRF/Upload GetShell Exploit 1. (CVE-2019-9621 Zimbra<8.8.11 XXE GetShell Exploit)
Language: Ruby - Size: 52.7 KB - Last synced at: about 1 month ago - Pushed at: over 2 years ago - Stars: 74 - Forks: 41

cokeBeer/go-sec-code
Go-sec-code is a project for learning Go vulnerability code.
Language: Go - Size: 648 KB - Last synced at: 2 months ago - Pushed at: about 2 years ago - Stars: 37 - Forks: 6

wubinworks/magento2-cosmic-sting-patch
An alternative solution (as a Magento 2 extension) to fix the XXE vulnerability CVE-2024-34102 (aka Cosmic Sting). If you cannot upgrade Magento or cannot apply the official patch, try this one.
Language: PHP - Size: 17.6 KB - Last synced at: 27 days ago - Pushed at: 4 months ago - Stars: 1 - Forks: 0

holmes-py/reports-summary
A sensible no bullshit repo of summaries of reports on hackerone, bugcrowd and alike, that makes straight up sense and make it easy to repeat and automate. This is supposed to serve as my personal reference, but should be a good public index reference for like minded.
Size: 56.6 KB - Last synced at: 3 days ago - Pushed at: over 1 year ago - Stars: 6 - Forks: 1

wubinworks/magento2-enhanced-xml-security
A replacement of `\Magento\Framework\Xml\Security` for Magento 2 with enhanced XML Security.
Language: PHP - Size: 9.77 KB - Last synced at: 3 months ago - Pushed at: 5 months ago - Stars: 0 - Forks: 1

Li4n0/revsuit
RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.
Language: Go - Size: 17.2 MB - Last synced at: 7 months ago - Pushed at: about 2 years ago - Stars: 518 - Forks: 62

M3l0nPan/wordpress-cve-2021-29447
Exploit WordPress Media Library XML External Entity Injection (XXE) to exfiltrate files.
Language: Python - Size: 4.88 KB - Last synced at: 27 days ago - Pushed at: over 2 years ago - Stars: 4 - Forks: 0

BLACK-BUG-HKRS/XAT
XXE Attack Tool
Language: Go - Size: 33.2 KB - Last synced at: 5 months ago - Pushed at: over 2 years ago - Stars: 3 - Forks: 1

000pp/arbimz
🔥 Arbimz is a Python tool created to exploit the vulnerability in Zimbra assigned as CVE-2019-9670.
Language: Python - Size: 375 KB - Last synced at: about 1 month ago - Pushed at: almost 3 years ago - Stars: 4 - Forks: 2

ztgrace/mole
Mole is a framework for identifying and exploiting out-of-band application vulnerabilities.
Language: Python - Size: 136 KB - Last synced at: 7 months ago - Pushed at: almost 5 years ago - Stars: 56 - Forks: 18

Kr1shna02/Portswigger_Labs
This repository includes my write-ups on popular web attacks from Portswigger Labs.
Size: 15.6 KB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 0 - Forks: 0

Cappricio-Securities/CVE-2019-9670
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
Language: Python - Size: 18.6 KB - Last synced at: about 2 months ago - Pushed at: 12 months ago - Stars: 0 - Forks: 0

mbadanoiu/CVE-2021-42560
CVE-2021-42560: Unsafe XML Parsing in MITRE Caldera
Size: 232 KB - Last synced at: 8 days ago - Pushed at: 12 months ago - Stars: 0 - Forks: 0

FrancescoDiSalesGithub/XXE-gen
XXE vulnerability creator
Language: Python - Size: 19.5 KB - Last synced at: 2 months ago - Pushed at: over 3 years ago - Stars: 6 - Forks: 1

Zierax/Exer-Vuln-Scanner
Exer is a vuln scanner for specific string
Language: Python - Size: 7.81 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

mbadanoiu/CVE-2019-14678
CVE-2019-14678: XML External Entity in SAS XML Mapper
Size: 1.58 MB - Last synced at: 3 months ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

keven1z/XXEDemo
A collection of Java XXE vulnerability demos and their fixes
Language: Java - Size: 4.88 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 16 - Forks: 3

mbadanoiu/WSO2-2020-0731
WSO2-2020-0731: XXE and XSS vulnerabilities in WSO2 Carbon
Size: 4.6 MB - Last synced at: 3 months ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

mbadanoiu/CVE-2021-46365
CVE-2021-46365: Unsafe XML Parsing in Magnolia CMS
Size: 499 KB - Last synced at: 3 months ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

qeeqbox/xxe-injection
A threat actor may interfere with an application's processing of extensible markup language (XML) data to view the content of a target's files
Size: 97.7 KB - Last synced at: 3 months ago - Pushed at: over 1 year ago - Stars: 2 - Forks: 0

FOGSEC/awesome-web-security Fork of R3dFruitRollUp/awesome-web-security
🐶 A curated list of Web Security materials and resources.
Size: 122 KB - Last synced at: over 1 year ago - Pushed at: over 7 years ago - Stars: 6 - Forks: 0

FOGSEC/Mobile-Security-Framework-MobSF Fork of R3dFruitRollUp/Mobile-Security-Framework-MobSF
Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.
Language: Python - Size: 206 MB - Last synced at: over 1 year ago - Pushed at: over 7 years ago - Stars: 3 - Forks: 2

mys3quel/Blind-XXE-Xtractor
Blind XXE Xtractor is a script created for educational purpose to test Blind XXE vulnerabilities in controlled environments, which has support for local and remote websites with XML requests.
Language: Shell - Size: 9.77 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 2 - Forks: 0

noraj/SigSegV2.webserver_11
A web challenge that was available during SigSegV2 CTF (2019)
Language: PHP - Size: 381 KB - Last synced at: 1 day ago - Pushed at: over 4 years ago - Stars: 1 - Forks: 0

noraj/SigSegV2.webserver_3
A web challenge that was available during SigSegV2 CTF (2019)
Language: PHP - Size: 376 KB - Last synced at: 18 days ago - Pushed at: over 4 years ago - Stars: 0 - Forks: 1

kljunowsky/XXElixir
This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.
Language: Python - Size: 44.9 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 53 - Forks: 5

hannoch/python-xxe
Python XXE vulnerability reproduction, with Flask as the backend
Language: CSS - Size: 1.08 MB - Last synced at: about 1 year ago - Pushed at: almost 3 years ago - Stars: 7 - Forks: 4

jamieparfet/Apache-OFBiz-XXE
XXE injection (file disclosure) exploit for Apache OFBiz < 16.11.04
Language: Python - Size: 8.79 KB - Last synced at: over 1 year ago - Pushed at: over 6 years ago - Stars: 14 - Forks: 5

4L4K4Z4/Private-Vulnerable-Scanner
Size: 1.95 KB - Last synced at: over 1 year ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

Acceis/exploit-CVE-2023-38490
Kirby < 3.9.6 XML External Entity exploit
Language: PHP - Size: 76.2 KB - Last synced at: about 1 month ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 2

AhmedAyman1196/AymanSecNotes
This repository contains all my notes. Feel free to use them, share them or modify them.
Size: 25.7 MB - Last synced at: almost 2 years ago - Pushed at: almost 5 years ago - Stars: 7 - Forks: 2

darkoid/WebVulnerabilities
This project is a demonstration of finding and exploiting common web-based vulnerabilities like SQL Injection, XSS, Command Injection, Insecure File Upload and more. This project will also cover creating your own home lab with vulnerabilities to exploit using Kali Linux.
Size: 15.6 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 1

TheWation/XXESandbox
The PHP sandbox environment is a Docker-based tool for testing XML processing code, with XXE vulnerabilities demonstrated and security considerations explained.
Language: PHP - Size: 5.86 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 0

rootz491/xxe-castor
testing for xss - oob
Language: HTML - Size: 3.91 KB - Last synced at: 7 days ago - Pushed at: over 4 years ago - Stars: 0 - Forks: 0

HLOverflow/XXE-study
This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF rules / Secure Configuration settings.
Language: PHP - Size: 4.85 MB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 63 - Forks: 27

OlivierLaflamme/Auditing-Vulnerabilities
In this repository I'll host my research and methodologies for auditing vulnerabilities
Language: PHP - Size: 168 KB - Last synced at: over 2 years ago - Pushed at: over 5 years ago - Stars: 24 - Forks: 13

deanf1/dotnet-security-unit-tests
A web application that contains several unit tests for the purpose of .NET security
Language: C# - Size: 17.5 MB - Last synced at: over 2 years ago - Pushed at: over 7 years ago - Stars: 27 - Forks: 5

Major2000/XAT Fork of BLACK-BUG-HKRS/XAT
XXE Attack Tool
Language: Go - Size: 32.2 KB - Last synced at: almost 2 years ago - Pushed at: over 2 years ago - Stars: 3 - Forks: 0

ahmetak4n/payloads
payloads about common vulnerabilities
Size: 18.6 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

mprechtl/information-leakage
A service which is vulnerable to XML External Entity (XXE) attacks.
Language: Java - Size: 67.4 KB - Last synced at: about 2 years ago - Pushed at: over 6 years ago - Stars: 3 - Forks: 0

omurugur/XXE_Payload_List
XML External Entity Vulnerability Payload List
Size: 13.7 KB - Last synced at: over 2 years ago - Pushed at: over 4 years ago - Stars: 8 - Forks: 2

Tux-MacG1v/CVE-2021-29447 Fork of motikan2010/CVE-2021-29447
WordPress RCE - Authenticated XXE (CVE-2021-29447)
Size: 5.86 KB - Last synced at: almost 2 years ago - Pushed at: over 3 years ago - Stars: 1 - Forks: 0

kmille/pentest-wiki
pwning all the (web)things
Language: PHP - Size: 29.2 MB - Last synced at: about 2 years ago - Pushed at: over 4 years ago - Stars: 18 - Forks: 4

Val-Resh/CVE-2021-29447-POC
Proof of Concept for CVE-2021-29447 written in Python
Language: Python - Size: 5.86 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 1 - Forks: 0

samuel-knutson/dotnet-xxe-learning-tests
Quick tests to evaluate the safety of various .NET XML Parsers with respect to XXE injection
Language: C# - Size: 25.4 KB - Last synced at: about 2 years ago - Pushed at: about 5 years ago - Stars: 7 - Forks: 2

mrpinghe/xxe-file-enum
Enumerate and exfiltrate files via out of band XXE, for situations where resolved entity is not displayed in the response, and directory listing is not available.
Language: JavaScript - Size: 15.6 KB - Last synced at: about 2 years ago - Pushed at: about 7 years ago - Stars: 3 - Forks: 1

omurugur/Oracle_CTF_Web_XML_Entity_Exploit
Oracle CTF Web XML Entity Exploit
Size: 9.77 KB - Last synced at: over 2 years ago - Pushed at: over 4 years ago - Stars: 1 - Forks: 1

Wh1t3Fox/xxe.page
XXE Testing Page
Language: JavaScript - Size: 68.4 KB - Last synced at: 2 months ago - Pushed at: over 3 years ago - Stars: 0 - Forks: 0

ptonewreckin/BlindRef
BlindRef serves as the basis for an automated Blind-Based XXE Exploitation Framework
Language: Python - Size: 7.81 KB - Last synced at: 3 days ago - Pushed at: about 8 years ago - Stars: 26 - Forks: 10

nav7neeet/Vulnerable-Web-App
Vulnerable Web Application
Language: Java - Size: 10.2 MB - Last synced at: almost 2 years ago - Pushed at: over 4 years ago - Stars: 1 - Forks: 0

keven1z/ProtectAgent
A Java agent to prevent attacks such as XXE and S2-032
Language: Java - Size: 218 KB - Last synced at: about 2 years ago - Pushed at: about 5 years ago - Stars: 1 - Forks: 0

0x6b7966/pown-duct Fork of pownjs/duct
Essential tool for finding blind injection attacks.
Language: JavaScript - Size: 31.3 KB - Last synced at: over 1 year ago - Pushed at: over 6 years ago - Stars: 0 - Forks: 0

bhattsameer/TheHackersMeetup_resources
Size: 5.82 MB - Last synced at: 3 months ago - Pushed at: over 7 years ago - Stars: 0 - Forks: 1
