Advanced XXE Exploitation Exercise 1 : Simple XXE (App ...

Post on 09-May-2022


Advanced XXE Exploitation
Exercise 1: Simple XXE (App port 8021)

Philippe Arteau
GoSecure Countertack

19/06/2019
Slides: http://bit.ly/xxeparis

Running an HTTP server

$ python -m http.server 8888

(pick a port that is unused)

Normal XML file

Malicious XML file

Directory listing

Questions?

Contact
parteau@gosecure.ca
gosecure.net/blog/
@h3xStream @GoSecure_Inc