Tuesday, September 10, 2013

XXE OOB strikes back

Microsoft just released patches MS13-072 and MS13-073 to fix CVE-2013-3159 and CVE-2013-3160, the "XML External Entities Resolution Vulnerability" (XXE OOB) issues. Details and tools for this and similar issues can be found in the Black Hat talk "XML Out-Of-Band Data Retrieval" by Timur Yunusov and Alexey Osipov.

So, hack XML, use XXOETA and be happy.

