Hello,
Today's video is a comprehensive look at vulnerabilities related to XML. If you're not familiar with XML, don't worry, I explain everything from A to Z in the video. We cover what XML is, DTDs, basic XXE (XML External Entity) attacks, Server-Side Request Forgery (SSRF) via XXE, and blind XXE with DTD reassignment! Enjoy!
00:00 - Intro
00:33 - What is XML?
01:14 - DTD is important! But what is it?
02:42 - Definition of XXE (XML External Entity)
03:13 - Basic XXE lab
05:22 - SSRF via XXE, the technique
06:09 - SSRF via XXE lab
10:02 - How to identify XXE vulnerabilities?
11:33 - What is Blind XXE?
12:16 - Blind XXE via error message
13:55 - Blind XXE with DTD reassignment
17:46 - Impacts and remediations
19:17 - Outro and thanks
Thumbnail: @gurvanseveno3498
=[ Social ]=
→ My X: / fransosiche
=[ Sources ]=
→ portswigger.net/web-security/xxe
→ www.thehacker.recipes/web/inp...
→ owasp.org/www-community/vulne...
#cybersecurity #vulnerability #exploit #XXE #XML #web #bugbounty #research #computing #IT #FR #French
Jul 13, 2024