
Writing secure code today is easier than making a mistake that would lead to an XXE vulnerability. While examining a library, I wondered: is its code truly secure? At first glance, everything appeared to be filtered, and the function didn’t have the attributes that could make it vulnerable.
However, I was able to exploit an almost impossible XXE vulnerability using a combination of techniques and features.