Hacking websites (great demos) with XML External Entities (XXE)
David Bombal
Big thank you to Brilliant for sponsoring this video! To try Brilliant for free (for 30 days) and to get a 20% discount, visit: https://Brilliant.org/davidbombal
// Tib3rius’ SOCIAL //
YouTube: https://www.youtube.com/Tib3rius
Website: https://tib3rius.com/
Twitch: https://www.twitch.tv/0xTib3rius
GitHub: https://github.com/Tib3rius
LinkedIn: https://www.linkedin.com/in/tib3rius/
X: https://x.com/0xtib3rius
Bluesky: https://bsky.app/profile/tib3rius.bsky.social
// Links REFERENCE //
XXE Demo Repo: https://github.com/Tib3rius/XXE-Demos
Dynamic Tool-DTD Repo: https://github.com/Tib3rius/Dynamic-DTD
// Specific Webpage REFERENCE //
https://en.wikipedia.org/wiki/Billion_laughs_attack
https://tib3rius.com/robots.txt
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
X: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/@davidbombal
// MY STUFF // https://www.amazon.com/shop/davidbombal
// SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
0:00 - Coming up
0:33 - Intro
03:07 - Brilliant Advert
04:22 - What is XXE
06:24 - XXE Demo Intro
08:54 - XML Spec Defined Entities
13:27 - XML Billion Laughs Attack
15:07 - XML Exploits
16:27 - XXE Demo Basic Example 1
22:33 - XXE Demo Basic Example 2
23:33 - Error-Based XXE Demo
30:11 - Dynamic DTD Demo
34:45 - The Community
35:33 - Out-Of-Band XXE Demo
40:12 - XML Tips & Tricks
41:25 - Outro
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#xxe #xss #hacking ... https://www.youtube.com/watch?v=qOt2HrKTyEM