xxe - Rahul Maini

Demystifying the Server-Side 2020

I, Harsh and Rajanish conducted a workshop at Ekoparty, HacktivityConf & NoNameCon 2020. Below are the links to the slides and video of the same :) We received really good feedback for the content presented and hope you enjoy it as well. Slides - https://docs.google.com/presentation/d/1dYmdqZh-8JJ-FV20dtAz4VTLshDNBIhpGvfr4xv0OiA

xxe

Spilling Local Files via XXE when HTTP OOB fails

Today I will be sharing a very interesting technique of exploiting an XXE which was discovered from what I know by https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/ and later researched on it by GoSecure Team. The scenario was reading out Local Files on the server when HTTP Out of Band was

CTF

H1-5411 CTF

Harsh and I solved very interesting H1-5411 CTF. You'll be redirected in 5 seconds!