Exploiting XXE In File Upload Functionality

Just wanted to post some details from my BH USA 2015 briefing “Exploiting XXE In File Upload Functionality”.

The youtube video is up: https://www.youtube.com/watch?v=ouBwRZJHmmo

I also gave an updated version of the presentation in November for the Blackhat Webcast Series. It included more file types; PDF, JPG, and GIF. The link is here: https://www.blackhat.com/html/webcast/11192015-exploiting-xml-entity-vulnerabilities-in-file-parsing-functionality.html

Blackhat USA 2019

@AndresRiancho and I (@0xrst) have an outstanding training coming up at Blackhat USA 2019. There are two dates available and you should join us!!! You won’t be disappointed.

August 3rd-4th: THE WEB APPLICATION HACKER LEVEL-UP LAB (THE WAHLL)

August 5th-6th: THE WEB APPLICATION HACKER LEVEL-UP LAB (THE WAHLL)