Description:
Explore a Black Hat conference talk delving into critical Xml eXternal Entities (XXE) vulnerabilities in enterprise software. Discover two zero-day exploits affecting Java servers and Internet Explorer, allowing arbitrary file exfiltration and Same Origin Policy bypass. Learn about finding and exploiting these vulnerabilities, as well as prevention strategies. Gain insights into defending against external entities, understanding resolvers, nested exceptions, and disabling protocols. Examine browser history vulnerabilities, quirks mode exploitation, XML parsing techniques, and payload creation. Analyze limitations, parse errors, and cookie file enumeration. Understand who is vulnerable and stay updated on this critical security issue.
FileCry - The New Age of XXE
Add to list
#Conference Talks
#Black Hat
#Programming
#Web Development
#Information Security (InfoSec)
#Cybersecurity
#Ethical Hacking
#XML External Entity (XXE) Injection