Projects in Awesome Lists tagged with xxe

https://github.com/reddelexc/hackerone-reports

Top disclosed reports from HackerOne

bugbounty csrf hackerone idor rce reports security sql-injection ssrf writeups xss xxe

Last synced: 13 May 2025

https://github.com/JoyChou93/java-sec-code

Java web common vulnerabilities and security code which is base on springboot and spring security

benchmark code cors deserialize java jsonp rce rmi security spel sqli ssrf tomcat web xxe

Last synced: 10 Jul 2025

https://github.com/joychou93/java-sec-code

Java web common vulnerabilities and security code which is base on springboot and spring security

benchmark code cors deserialize java jsonp rce rmi security spel sqli ssrf tomcat web xxe

Last synced: 14 May 2025

https://github.com/payloadbox/xxe-injection-payload-list

🎯 XML External Entity (XXE) Injection Payload List

bug-bounty bugbounty cyber-security cybersecurity hacking information-security infosec payload payloads web-application-security websecurity websecurity-reference xml xml-entity xxe xxe-example xxe-injection xxe-payload xxe-payload-list xxe-payloads

Last synced: 03 Sep 2025

https://github.com/gosecure/dtd-finder

List DTDs and generate XXE payloads using those local DTDs.

dtd hacktoberfest security xxe

Last synced: 04 Apr 2025

https://github.com/GoSecure/dtd-finder

List DTDs and generate XXE payloads using those local DTDs.

dtd hacktoberfest security xxe

Last synced: 02 Apr 2025

https://github.com/luisfontes19/xxexploiter

Tool to help exploit XXE vulnerabilities

cdata command dtd entities exection expect exploit exploitation external file oob read ssrf xee xml xxe

Last synced: 02 Apr 2025

https://github.com/Li4n0/revsuit

RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.

bug-bounty dnslog oob out-of-band pentest-tool rce reverse-connection ssrf xxe

Last synced: 11 Jul 2025

https://github.com/whitel1st/docem

A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)

bugbounty oxml xss xss-injection xxe xxe-injection

Last synced: 02 Apr 2025

https://github.com/chennqqi/godnslog

An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

dnslog rce rfi ssrf vulnerability webscan xss xxe

Last synced: 05 Apr 2025

https://github.com/zer0yu/Berserker

A list of useful payloads for Web Application Security and Pentest/CTF

ctf fuzzing intruder pentest scanner sqli web-application xss xxe

Last synced: 13 Mar 2025

https://github.com/zer0yu/berserker

A list of useful payloads for Web Application Security and Pentest/CTF

ctf fuzzing intruder pentest scanner sqli web-application xss xxe

Last synced: 06 Apr 2025

https://github.com/joychou93/sks

Security Knowledge Structure(安全知识汇总)

deserialize java nginx-lua php python security waf webshell xxe

Last synced: 10 May 2025

https://github.com/JoyChou93/sks

Security Knowledge Structure(安全知识汇总)

deserialize java nginx-lua php python security waf webshell xxe

Last synced: 13 Mar 2025

https://github.com/k8gege/zimbraexploit

Zimbra邮件系统漏洞 XXE/RCE/SSRF/Upload GetShell Exploit 1. (CVE-2019-9621 Zimbra<8.8.11 XXE GetShell Exploit)

0day cve-2019-9621 exploit getshell k8cscan poc rce ssrf upload xxe zimbra

Last synced: 03 May 2025

https://github.com/ztgrace/mole

Mole is a framework for identifying and exploiting out-of-band application vulnerabilities.

appsec burp-extensions infosec oob penetration-testing python security-tools xss xxe

Last synced: 11 Jul 2025

https://github.com/cokebeer/go-sec-code

Go-sec-code is a project for learning Go vulnerability code.

cors go jsonp security sqli ssrf ssti xss xxe

Last synced: 26 Jul 2025

https://github.com/astteam/xxe

《Web安全教程之XXE漏洞》XML External Entity Injection.

0e0w astteam getshell xxe

Last synced: 22 Feb 2025

https://github.com/francescodisalesgithub/xxe-gen

XXE vulnerability creator

pentest-tool pentesting python-hacking python-hacking-tools python3 xxe xxe-injection xxe-payloads

Last synced: 25 Oct 2025

https://github.com/0xricksanchez/upfuzz

The Ultimate File Upload Bypass Generator

bugbounty file-inclusion file-upload fuzzing penetration-testing xxe xxe-payloads

Last synced: 10 Oct 2025

https://github.com/000pp/arbimz

🔥 Arbimz is a python tool created to exploit the vulnerability on Zimbra assigned as CVE-2019-9670.

2019 cve cve-2019-9670 exploit offsec pentest poc python python3 rce redteam ssrf xxe zimbra

Last synced: 24 Apr 2025

https://github.com/qeeqbox/xxe-injection

A threat actor may interfere with an application's processing of extensible markup language (XML) data to view the content of a target's files

infosecsimplified injection metadata qeeqbox visualization vulnerability xee xml xxe xxe-injection

Last synced: 05 Mar 2025

https://github.com/ishanoshada/xxe

A comprehensive Python package for XML External Entity (XXE) security testing and analysis. This package provides tools for security researchers and ethical hackers to identify and analyze XXE vulnerabilities in XML processing systems.

ceh cyber-security cybersecurity oscp pypi python security xxe

Last synced: 13 Apr 2025

https://github.com/noraj/sigsegv2.webserver_11

A web challenge that was available during SigSegV2 CTF (2019)

bypass challenge ctf php rtfm sigsegv2 ssrf svg web xxe

Last synced: 08 Nov 2025

https://github.com/kiran-kumar-k3/vulnerability-payload-lists

A curated repository of categorized payloads for testing and exploiting common web vulnerabilities in ethical hacking and penetration testing.

bugbounty command-injection payload-lists payloads sql sqli-payloads vulnerability-testing xss xss-payloads xxe

Last synced: 18 Jun 2025

https://github.com/mbadanoiu/cve-2021-42560

CVE-2021-42560: Unsafe XML Parsing in MITRE Caldera

0-day authenticated cve cve-2021-42560 cves xxe

Last synced: 19 Oct 2025

https://github.com/mbadanoiu/cve-2019-14678

CVE-2019-14678: XML External Entity in SAS XML Mapper

0-day cve cve-2019-14678 cves xxe

Last synced: 01 Mar 2025

https://github.com/mbadanoiu/cve-2021-46365

CVE-2021-46365: Unsafe XML Parsing in Magnolia CMS

0-day authenticated cve cve-2021-46365 cves xxe

Last synced: 01 Mar 2025

https://github.com/mbadanoiu/wso2-2020-0731

WSO2-2020-0731: XXE and XSS vulnerabilities in WSO2 Carbon

0-day cross-site-scripting stored-xss wso2-2020-0731 xxe

Last synced: 03 Jul 2025

https://github.com/bhattsameer/thehackersmeetup_resources

crlf hacking iotsecurity material meetup pptx sqlinjection xss xxe

Last synced: 11 Nov 2025

https://github.com/acceis/exploit-cve-2023-38490

Kirby < 3.9.6 XML External Entity exploit

cve cve-2023-38490 exploit kirby kirby-cms xxe

Last synced: 21 Jul 2025

https://github.com/wh1t3fox/xxe.page

XXE Testing Page

security security-tools xxe xxe-example xxe-injection xxe-payloads

Last synced: 24 Mar 2025

https://github.com/rootz491/xxe-castor

testing for xss - oob

ooe xxe

Last synced: 28 Dec 2025

https://github.com/areebasaghir311/test-dotnet

A reusable workflow for running tests for .NET projects.

azure-pipelines build-automation circleci csharp docker netcore nuget playwright reporting testing vue webapi xxe xxe-injection

Last synced: 30 Dec 2025

https://github.com/noraj/sigsegv2.webserver_3

A web challenge that was available during SigSegV2 CTF (2019)

challenge ctf file-read php rtfm sigsegv2 svg web xxe

Last synced: 08 Nov 2025