Love thy scripture – XXE

XXE (Extensible Markup Language External Entity) is a common type of injection that occurs in applications that fail to sanitize XML input; this is particularly common with web services. The XML input in a web service can be considered a description of data, so that two systems can have a common language to communicate with[…]

XAMPP 1.7.3 Heisting

Due to the increase in web application thefts, I thought I should share one that I had to prove recently. (Names and addresses have been changed where necessary to keep client details confidential.) All XAMPP versions before 1.7.4 come with a WebDAV service. In order to test availability of the service just[…]