Exploiting XXE In File Upload Functionality

ID SILENTROBOTS:D1E740543529DF18B989E677A493A919
Type silentrobots
Reporter Silent Robot Systems blog
Modified 2016-05-01T04:00:00


Just wanted to post some details from my BH USA 2015 briefing "Exploiting XXE In File Upload Functionality".

The YouTube video is up: <https://www.youtube.com/watch?v=ouBwRZJHmmo>

I also gave an updated version of the presentation in November for the Black Hat Webcast Series. It included more file types: PDF, JPG, and GIF. The link is here: <https://www.blackhat.com/html/webcast/11192015-exploiting-xml-entity-vulnerabilities-in-file-parsing-functionality.html>