AllThingsXXE

This is a collection of writeups, cheatsheets, videos, related to XXE in one single location

This is currently work in progress I will add more resources as I continue my learning.

Created By @jdonsec

---

Learn What is XXE

• PortSwigger: XML Entities [READ this first!]

• OneHackMan: Exploiting XML External Entity (XXE) Injections [Read this second!]

• PortSwigger: XML external entity (XXE) injection

• PortSwigger: Finding and Exploiting bling XXE Vulnerabilities

• OneHackMan: Exploiting XML External Entity (XXE) Injections

• XXE Cheat Sheet - SecurityIdiots

Writeups

• XXE that can Bypass WAF Protection [WAF Bypass]

• Arseniy Sharoglazov Exploiting XXE with local DTD files

Hackerone Reports

• #227880 XXE in DoD website that may lead to RCE

• #312543 XXE in Site Audit function exposing file and directory contents

• #334488 Blind XXE via Powerpoint files

• #248668 XXE on sms-be-vip.twitter.com in SXMP Processor [Great report example]

• #347139 LFI and SSRF via XXE in emblem editor

• #106797 marketplace.informatica.com - XXE

• #232614 Uploaded XLF files result in External Entity Execution

• #36450 send.qiwi.ru Soap-based XXE vulnerability /soapserver/

• #500515 XXE at ecjobs.starbucks.com.cn/retail/hxpublic_v6/hxdynamicpage6.aspx

• Phone Call to XXE via Interactive Voice Response

• #836877 XXE through injection of a payload in the XMP metadata of a JPEG file

• #154096 Blind OOB XXE At "http://ubermovement.com/"

• #223203 SVG Server Side Request Forgery (SSRF)

• #105753 app.informaticaondemand.com XXE Looks interesting wish the report was much better so we could all learn from it.

• #106865 rev-app.informatica.com - XXE via SAML Same here wish the report was better

• #105980 XXE at host vpn.owncloud.com

Videos/POC

Tools

CTF/Labs