Here’s another writeup for a task I authored with @makelarisjr for @hackthebox_eu x UNI #CTF Quals.
🧇 WAFfles Order consists of insecure deserialization due to a parser differential, leading to OOB XXE WAF bypass using XML encoding declarations.

https://t.co/7NevqoGawz https://t.co/TREkpnpF0l