Tag: WAF

2 posts   See also:  XXE   DTD   SECURITY

Exploiting XXE with local DTD files

This little technique can force your blind XXE to output anything you want!

 48283   2018   DTD   OOB   SECURITY   WAF   XML   XXE

Evil XML with Two Encodings

WAFs see white noise instead of the document!

 14048   2018   DTD   SECURITY   WAF   XML   XXE