Gupta Bless

Mar 27, 2021

4 min read

Exploiting XXE via File Upload

Before moving further we must get familiar with XXE. So please check my previous blogs on it.

https://medium.com/@gupta.bless/exploitation-xml-external-entity-xxe-1f5f3e7bc5c4

We have learnt about XXE previously but there is one more thing we need to understand before going ahead, unrestricted file upload vulnerabilities. So you can read my previous blog for that one as well.

--

--

More from Gupta Bless

Security enthusiast working to secure web for others.

Love podcasts or audiobooks? Learn on the go with our new app.

Try Knowable

Recommended from Medium

Allen Joseph AJ

EthIndia 2.0: My first Hackathon experience🙌

Gupta Bless

Exploiting Remember Me Cookie For Account Takeover

Divorce Lawyer

Bankruptcy Law

bankruptcy law
Gupta Bless

Penetration Testing Of Network

Aditi Agarwal

Why every j̶u̶n̶i̶o̶r developer should write their own Git after HelloWorld!

Alphan Dinc

Firebase Token Validation via .NET Core API

SelectProjectTypeAPI
Daniel Tartaglia

Integrating RxSwift Into Your Brain and Code Base: Part 2

Prateek Verma

Good BYEEEEE

AboutHelpTermsPrivacy

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Gupta Bless

Gupta Bless

Security enthusiast working to secure web for others.

More from Medium

Omkar A Avasthi

Testing WebSockets for Vulnerabilities {Part-3} The Burp Proxy

Zulfi Al-Farizi

in

System Weakness

Chained Bug: XML File Upload to XSS to CSRF to Full Account Take Over (ATO)

Frank Leitner

Writeup: CSRF where token is tied to non-session cookie @ PortSwigger Academy

Ahmed Al-Ahmed

Lab: CORS vulnerability with internal network pivot attack — walkthrough

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Knowable