Local File Read

Tagged

A collection of 2 posts

Spilling Local Files via XXE when HTTP OOB fails

Today I will be sharing a very interesting technique of exploiting an XXE which was discovered from what I know by https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/ and later researched on it by GoSecure Team. The scenario was reading out Local Files on the server when HTTP Out of Band was

Local File Read

Local File Read via XSS in Dynamically Generated PDF

Hello Hunters, This time I am writing about a Vulnerability found in another private program(xyz.com) on Bugcrowd which at first I thought wasn't much impactful (P4) but later escalated it to a P1. While browsing the Application I came across an endpoint which allowed us to download some