Exploiting XXE In File Upload Functionality

Just wanted to post some details from my BH USA 2015 briefing “Exploiting XXE In File Upload Functionality”.


I also gave an updated version of the presentation in November for the Blackhat Webcast Series. It included more file types: PDF, JPG, and GIF. The link is here: https://www.blackhat.com/html/webcast/11192015-exploiting-xml-entity-vulnerabilities-in-file-parsing-functionality.html