XXE Cheatsheet – XML External Entity Injection

All the fun of the post on XML External Entities (XXE) but less wordy!

An internal entity:

<?xml version="1.0" ?>
<!DOCTYPE replace [<!ENTITY example "Doe"> ]>
Path Traversal Cheat Sheet: Linux

Got a path/directory traversal or file disclosure vulnerability on a Linux server and need to know some interesting files to hunt for? I’ve got you covered. Know any more good files to look for? Let me know!

The list included below contains absolute file paths. Remember that if you have a traversal attack, you can prefix these with encoded traversal strings, like these: