Infosec writeups, thoughts, stories and ideas.
Harsh, Rajanish and I conducted a workshop at Ekoparty, HacktivityConf & NoNameCon 2020. Below are the links to the slides and video of the same :) We received really good feedback for the content presented and hope you enjoy it as well. Slides - https://docs.google.com/presentation/d/1dYmdqZh-8JJ-FV20dtAz4VTLshDNBIhpGvfr4xv0OiA
Today I will be sharing a very interesting technique for exploiting an XXE, which was discovered, from what I know, by https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/ and later researched by the GoSecure Team. The scenario was reading out local files on the server when HTTP Out of Band was