Workshop given at Hack in Paris 2019
☆126Jun 8, 2023Updated 2 years ago
Alternatives and similar repositories for xxe-workshop
Users that are interested in xxe-workshop are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.☆127Jan 10, 2023Updated 3 years ago
- References, tools and sample payloads☆11Sep 16, 2016Updated 9 years ago
- Scripts and misc. stuff related to the PortSwigger Web Academy☆17Feb 6, 2022Updated 4 years ago
- Material from presentations done by GoSecure researchers☆34Oct 10, 2023Updated 2 years ago
- List DTDs and generate XXE payloads using those local DTDs.☆655Feb 21, 2024Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- Minimalist cheat sheet for developpers to write secure code☆54Jul 17, 2020Updated 5 years ago
- ☆11Jan 24, 2023Updated 3 years ago
- An easy to navigate list of unicode characters that have risky transformations 💥☆25Mar 22, 2022Updated 4 years ago
- ☆20Jan 24, 2022Updated 4 years ago
- Compiled dataset of Java deserialization CVEs☆60Aug 31, 2020Updated 5 years ago
- CVE-2022-32119 - Arox-Unrestricted-File-Upload☆17Dec 20, 2023Updated 2 years ago
- Accompanying material needed for the workshop☆11Jun 14, 2023Updated 2 years ago
- Exploit scripts☆12Apr 10, 2022Updated 4 years ago
- ☆105Oct 18, 2020Updated 5 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- GetSimple CMS Custom JS Plugin Exploit RCE Chain☆11Mar 8, 2023Updated 3 years ago
- ☆563Mar 27, 2025Updated last year
- ☆29Jan 10, 2023Updated 3 years ago
- Custom scripts for the PIPER Burp extensions.☆97Sep 24, 2023Updated 2 years ago
- ☆696Jul 4, 2022Updated 3 years ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability☆963Dec 31, 2021Updated 4 years ago
- Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"☆355Oct 14, 2020Updated 5 years ago
- ☆148Dec 23, 2022Updated 3 years ago
- Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practis…☆1,676May 24, 2025Updated 10 months ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- ☆12Mar 31, 2021Updated 5 years ago
- Use HTTP Smuggling Lab to learn HTTP Smuggling.☆348Nov 20, 2022Updated 3 years ago
- Burp Suite Extensions☆12Oct 19, 2021Updated 4 years ago
- xss development frameworks, with the goal of making payload writing easier.☆156Aug 7, 2024Updated last year
- Toolkit to detect and keep track on Blind XSS, XXE & SSRF☆335Aug 23, 2019Updated 6 years ago
- Exploit for CVE-2021-3129☆285Jan 29, 2021Updated 5 years ago
- A Burp extension to show the Collaborator client in a tab☆24Dec 23, 2022Updated 3 years ago
- This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a p…☆112Mar 22, 2024Updated 2 years ago
- A XSS mind map ;)☆57Jan 16, 2016Updated 10 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Burp Extension for a passive scanning JS files for endpoint links.☆56Nov 20, 2024Updated last year
- This lab is created to demonstrate pass-the-hash, blind sql and SSTI vulnerabilities☆93Jun 11, 2023Updated 2 years ago
- ☆705Nov 27, 2024Updated last year
- A blind XXE injection callback handler. Uses HTTP and FTP to extract information. Originally written in Ruby by ONsec-Lab.☆519Jul 29, 2020Updated 5 years ago
- ☆21Dec 15, 2020Updated 5 years ago
- Tool to check for dependency confusion vulnerabilities in multiple package management systems☆781Aug 19, 2024Updated last year
- CVE, reports, research☆15Mar 17, 2021Updated 5 years ago
