How to use XXE to your Advantage
Speakers
Tags
About this talk
Leo Pate (@ltpate3) In 2017, XML External Entities (XXE) saw its first appearance on the OWASP top 10 at number four. It has taken 5+ years for organizations (and L33T hackers) to realize how important (and simple) it is to exploit XXE vulnerabilities. This talk will focus on teaching the ins and outs of XXE, the unveiling of a custom tool, and how Blue, Red, and Purple teams can use our tool, and XXE, as an advantage in their organizations.
Related talks
43:41Mon'Amie: XXE
BSides Charleston · 2016
51:04A Legend Has Arisen: How to use XXE to your Advantage in any Environment
BSides Charleston · 2018
29:01Pentesting Modern Web Apps: A Primer
BSides Augusta · 2018
55:44Burping for Joy and Financial Gain
BSides Augusta · 2017
58:18Tim Tomes - Web Application Authorization: Taming the Perfect Storm
BSides Augusta · 2025
45:24It's the Little Things
BSides PDX · 2018