In this post, I will explain how I found a Blind XXE injection on PDF Generator that was vulnerable to CVE-2019-12154. However, in order to exfilftrat ...September 13, 2022
You can bypass Akamai WAF's XXE filters by HTML encoding the SYSTEM entity within a payload like this:
<!DOCTYPE foo [<!ENTITY % a "< ...June 11, 2022
You can bypass Akamai WAF's XXE filters by HTML encoding the SYSTEM entity within a payload like this:
<!DOCTYPE foo [<!ENTITY % a "< ...June 11, 2022
You can bypass XXE restrictions on some WAF for SSRF and file read by using a space before the protocol:
“ http://“
“ file://“
#bugbountytip ...February 21, 2021
You can bypass XXE restrictions on some WAF for SSRF and file read by using a space before the protocol:
“ http://“
“ file://“
#bugbountytips ...February 21, 2021
Here's another writeup for a task I authored with @makelarisjr for @hackthebox_eu x UNI #CTF Quals.
🧇 WAFfles Order consists of insecure deseria ...February 5, 2021
Day 135 & 136 of #100DaysOfCode
Focusing more on #infosec than #webdev.
Tried some things with xxe and found a really cool bypass to WAF through ...December 31, 2020
Day 135 & 136 of #100DaysOfCode
Focusing more on #infosec than #webdev.
Tried some things with xxe and found a really cool bypass to WAF through ...December 31, 2020
I added a method to bypass a WAF from XXE now on PayloadsAllTheThings
https://t.co/mFnOeV8Orl…
XXE WAF Bypass payload:
https://t.co/mFnOeV8Orl…
...December 4, 2020