13 results found Sort:

reddelexc
hackerone-reports reddelexc
716
3.9k
unknown
147
Top disclosed reports from HackerOne
rce xss xxe csrf idor ssrf reports security writeups bugbounty hackerone sql-injection
Created 2019-04-19
127 commits to master branch, last one about a month ago
JoyChou93
java-sec-code JoyChou93
645
2.4k
unknown
44
Java web common vulnerabilities and security code which is base on springboot and spring security
rce rmi web xxe code cors java spel sqli ssrf jsonp tomcat security benchmark deserialize
Created 2017-12-26
159 commits to master branch, last one 4 months ago
payloadbox
xxe-injection-payload-list payloadbox
298
1.1k
mit
23
🎯 XML External Entity (XXE) Injection Payload List
xml xxe hacking infosec payload payloads bugbounty bug-bounty xml-entity websecurity xxe-example xxe-payload xxe-payloads cybersecurity xxe-injection cyber-security xxe-payload-list information-security websecurity-reference web-application-security
Created 2019-11-19
15 commits to master branch, last one about a year ago
GoSecure
dtd-finder GoSecure
106
608
unknown
14
List DTDs and generate XXE payloads using those local DTDs.
dtd xxe security hacktoberfest
Created 2019-07-15
46 commits to master branch, last one 3 years ago
luisfontes19
xxexploiter luisfontes19
69
541
mit
14
Tool to help exploit XXE vulnerabilities
dtd oob xee xml xxe file read ssrf cdata expect command exploit entities exection external exploitation
Created 2020-03-14
103 commits to master branch, last one 2 years ago
Li4n0
revsuit Li4n0
62
518
apache-2.0
10
RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.
oob rce xxe ssrf dnslog bug-bounty out-of-band pentest-tool reverse-connection
Created 2021-04-21
102 commits to master branch, last one about a year ago
whitel1st
docem whitel1st
84
508
unknown
13
A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)
xss xxe oxml bugbounty xss-injection xxe-injection
Created 2019-01-23
21 commits to master branch, last one 9 months ago
chennqqi
godnslog chennqqi
72
470
apache-2.0
9
An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
rce rfi xss xxe ssrf dnslog webscan vulnerability
Created 2020-08-13
54 commits to master branch, last one about a year ago
zer0yu
Berserker zer0yu
57
291
unknown
9
A list of useful payloads for Web Application Security and Pentest/CTF
ctf xss xxe sqli fuzzing pentest scanner intruder web-application
Created 2019-08-04
14 commits to master branch, last one 2 months ago
HLOverflow
XXE-study HLOverflow
37
100
mit
3
This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF ru...
xxe xxe-labs xxe-study xml-entity xxe-example php-xxe-demo java-xxe-demo xxe-injection python-xxe-demo external-entities xml-entity-expansion
Created 2020-03-01
113 commits to master branch, last one about a year ago
k8gege
ZimbraExploit k8gege
41
73
unknown
4
Zimbra邮件系统漏洞 XXE/RCE/SSRF/Upload GetShell Exploit 1. (CVE-2019-9621 Zimbra<8.8.11 XXE GetShell Exploit)
poc rce xxe 0day ssrf upload zimbra exploit k8cscan getshell cve-2019-9621
Created 2019-05-06
8 commits to master branch, last one 5 years ago
kljunowsky
XXElixir kljunowsky
6
68
unknown
1
This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.
web xxe hack owasp exploit security bugbounty xxe-attack file-upload penetration xxe-injection bug-bounty-tools bug-bounty-hunters penetration-testing file-upload-vulnerability penetration-testing-tools
Created 2023-03-31
8 commits to main branch, last one 10 months ago
cokeBeer
go-sec-code cokeBeer
4
34
unknown
1
Go-sec-code is a project for learning Go vulnerability code.
go xss xxe cors sqli ssrf ssti jsonp security
Created 2022-04-10
30 commits to main branch, last one about a year ago