Jump to content

Search the Community

Showing results for tags 'xxe'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • New USB Rubber Ducky
    • WiFi Pineapple
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
    • WiFi Coconut
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • Legacy Devices
    • Classic USB Rubber Ducky
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

Found 1 result

  1. I want to test If servers like xxe-ftp-server or xxeserv can work to receive http requests and transfer dtds. However I have so far been unable to get either to work when testing on things like OWASP WebGoat or the blind xxe lab by PortSwigger. For example: on the PortSwigger xxe lab, I intercept the correct XML POST request and add <!DOCTYPE stockCheck [ <!ENTITY ping SYSTEM "http://MY_IP:80/"> ]> and then replace the content of the productID tag with &ping; (like it states in the solution). Using either of the mentioned servers results in the same thing, the PortSwigger server responding with 'parsing error' while my xxe servers don't pickup on any traffic at all. If this is just because of how the servers I'm attacking are set up, then can anyone suggest anything i could test against that would allow me to get a result from my xxe servers.
×
×
  • Create New...