Web
A compilation of Web-related content.
Real Stories: XXE Error-Based and OOB Exfiltration
Today I will talk about a severe vulnerability I found during a real pentesting exercise. More precisely, I was able to exploit XXE in order to "blindly" exfiltrate system files from a server using SSRF and an error-based technique.