Top disclosed reports from HackerOne

Java web common vulnerabilities and security code which is base on springboot and spring security

🎯 XML External Entity (XXE) Injection Payload List

List DTDs and generate XXE payloads using those local DTDs.

Tool to help exploit XXE vulnerabilities

RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.

A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

A list of useful payloads for Web Application Security and Pentest/CTF

Security Knowledge Structure(安全知识汇总)

This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF rules / Secure Configuration settings.

Zimbra邮件系统漏洞 XXE/RCE/SSRF/Upload GetShell Exploit 1. (CVE-2019-9621 Zimbra<8.8.11 XXE GetShell Exploit)

This tool is designed to test for file upload and XXE vulnerabilities by poisoning XLSX files.

Mole is a framework for identifying and exploiting out-of-band application vulnerabilities.

Go-sec-code is a project for learning Go vulnerability code.

A web application that contains several unit tests for the purpose of .NET security

A cheatsheet for exploiting server-side SVG rasterization.

In this repository I'll host my research and methodologies for auditing vulnerabilities

BlindRef serves as the basis for an automated Blind-Based XXE Exploitation Framework

收集了java XXE漏洞的demo及修复方式