- Exploiting XXE with Local DTD Files
- XXE defence(les)s in JDK XML parsers
- https://phonexicum.github.io/infosec/xxe.html
- blackhat 2019 - xxe out of bank
- portswigger xxe
- GOLD - spaeth dtd attacks
- dtd error based trick
- xxe saml - applicable to all
- XXE: How to Become a Jedi or zeronights.org pdf
- xxe depthsecurity
- Steal NTLM Hashes
- xxe waf bypass
- advanced xxe
- exploiting out of band xxe using internal network and php wrappers
- what you didn't nkow about xxe attacks
- XXE Cheat Sheet (Web-Security & -Insecurity
- Things Are Getting Out of Band
- details asp/.net xxe to rce
- Misconfigurations in Java Xml Parsers (immunityinc)
- analysis of java methods and abusing them
- From XXE to RCE: Pwn2Win CTF 2018 Writeup
- ssrf to tomcat rce using gopher in java 6
- related: https://github.com/pimps/gopher-tomcat-deployer