XML External Entity – WindowsTechs.com

Microsoft Management Console Bugs Allow Windows Takeover

Posted on June 18, 2019 by Tara Seals

Multiple cross-site scripting (XSS) bugs and an XML external entity (XXE) problem opens the door to takeover of admin desktops. Continue reading Microsoft Management Console Bugs Allow Windows Takeover→

Flaws in Development Tools Expose Android App Makers to Attacks

Posted on December 6, 2017 by Lucian Constantin

Millions of computers and servers that are used to develop, test and analyze Android applications were put at risk by vulnerabilities in widely used development tools. The flaws were discovered by researchers from Check Point Software Technologies and … Continue reading Flaws in Development Tools Expose Android App Makers to Attacks→

Dissecting XXE Attacks – Tradecraft Security Weekly #19

Posted on September 24, 2017 by Paul Asadoorian

When pentesting web services or an application that leverage XML files, XML External Entity (XXE) attacks are a great way to start. By injecting an XXE into a well crafted XML payload before it’s sent to the server, a penetration tester can trick the parser into executing other actions that the developer never intended. This […]

The post Dissecting XXE Attacks – Tradecraft Security Weekly #19 appeared first on Security Weekly.

Continue reading Dissecting XXE Attacks – Tradecraft Security Weekly #19→

Uber.com Backup Bug Nets Researcher $9K

Posted on January 26, 2017 by Chris Brook

A researcher earned $9K for identifying a XXE vulnerability in third party backup software used by Uber. Continue reading Uber.com Backup Bug Nets Researcher $9K→