Web
A compilation of Web-related content.
![](https://pwnedcoffee.com/wp-content/uploads/2020/09/HO-RSA.png)
![XXE Image](https://pwnedcoffee.com/wp-content/uploads/2020/12/xxe_exfiltration-1024x683.png)
Real Stories: XXE Error-Based and OOB Exfiltration
Today I will talk about a severe vulnerability I found during a real pentesting exercise. More precisely, I was able to exploit XXE in order to "blindly" exfiltrate system files from a server using SSRF and an error-based technique.