├── 21_rssviewer_xxe ├── .gitignore ├── Dockerfile ├── README.md ├── build.gradle ├── docker-compose.yml ├── gradle │ └── wrapper │ │ ├── gradle-wrapper.jar │ │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── secret │ └── flag.txt └── src │ └── main │ ├── java │ └── net │ │ └── gosecure │ │ └── rssviewer │ │ ├── App1Application.java │ │ ├── AtomController.java │ │ └── model │ │ ├── RssInputForm.java │ │ └── RssItem.java │ └── resources │ ├── application.properties │ ├── static │ ├── css │ │ └── core.css │ └── images │ │ ├── news-icon.png │ │ ├── newspaper.png │ │ └── user.gif │ └── templates │ ├── fragments │ └── layout.html │ ├── index.html │ └── preview.html ├── 22_dtd_xxe ├── Dockerfile ├── README.md ├── conf │ └── tomcat-users.xml ├── docker-compose.yml ├── secret │ ├── ab │ │ └── .gitkeep │ ├── cdef │ │ └── .gitkeep │ ├── g │ │ └── .gitkeep │ ├── h │ │ └── .gitkeep │ ├── ijk │ │ ├── .gitkeep │ │ └── flag.txt │ └── lmop │ │ └── .gitkeep ├── solution │ ├── easy.xml │ ├── ftp_server.rb │ ├── remote.dtd │ ├── send_payload.xml │ └── special │ │ └── payloads.txt ├── svg │ ├── pom.xml │ └── src │ │ ├── main │ │ ├── java │ │ │ └── com │ │ │ │ └── h3xstream │ │ │ │ └── webxxe │ │ │ │ └── actions │ │ │ │ ├── CovertImageAction.java │ │ │ │ └── ImageTextUtil.java │ │ ├── resources │ │ │ ├── log4j.properties │ │ │ └── struts.xml │ │ └── webapp │ │ │ ├── WEB-INF │ │ │ └── web.xml │ │ │ ├── _footer.jsp │ │ │ ├── _header.jsp │ │ │ ├── index.jsp │ │ │ ├── js │ │ │ ├── ace.js │ │ │ └── jquery.min.js │ │ │ └── sorry.jsp │ │ └── test │ │ └── java │ │ └── server │ │ └── StartServer.java └── webapps │ ├── .gitignore │ ├── ROOT.war │ ├── host-manager │ ├── META-INF │ │ └── context.xml │ ├── WEB-INF │ │ ├── jsp │ │ │ ├── 401.jsp │ │ │ ├── 403.jsp │ │ │ └── 404.jsp │ │ └── web.xml │ ├── images │ │ ├── add.gif │ │ ├── asf-logo.svg │ │ ├── code.gif │ │ ├── design.gif │ │ ├── docs.gif │ │ ├── fix.gif │ │ ├── tomcat.gif │ │ ├── update.gif │ │ └── void.gif │ ├── index.jsp │ 
└── manager.xml │ └── manager │ ├── META-INF │ └── context.xml │ ├── WEB-INF │ ├── jsp │ │ ├── 401.jsp │ │ ├── 403.jsp │ │ ├── 404.jsp │ │ ├── connectorCiphers.jsp │ │ ├── sessionDetail.jsp │ │ └── sessionsList.jsp │ └── web.xml │ ├── images │ ├── add.gif │ ├── asf-logo.svg │ ├── code.gif │ ├── design.gif │ ├── docs.gif │ ├── fix.gif │ ├── tomcat.gif │ ├── update.gif │ └── void.gif │ ├── index.jsp │ ├── status.xsd │ └── xform.xsl ├── 23_encoding_xxe ├── Dockerfile ├── README.md ├── docker-compose.yml ├── solution │ ├── 01_atom_feed.xml │ └── 02_atom_feed_php.xml └── src │ ├── .htaccess │ ├── .svn │ ├── entries │ ├── format │ ├── pristine │ │ ├── 39 │ │ │ └── 390c87ddfd9fb47ecf5db35b9e6cbe3213c9bea2.svn-base │ │ ├── 85 │ │ │ └── 85afee84135e7aabd58cc0450effab270e870667.svn-base │ │ ├── 0b │ │ │ └── 0b60f7508b917e576e6754515f60ea7477cb4306.svn-base │ │ ├── 1b │ │ │ └── 1b6d45105e448c10d3e0fa9237781c0970913174.svn-base │ │ ├── b1 │ │ │ └── b135a1900080f2a90163fb3ebfe13e84a4732533.svn-base │ │ ├── c4 │ │ │ └── c496c279d4f3329b922f2ee9b0325a8a69783921.svn-base │ │ └── f9 │ │ │ └── f9ed4fe019e10c25eade1521dfec9eda67c63e91.svn-base │ ├── wc.db │ └── wc.db-journal │ ├── back_mtl.jpg │ ├── index.php │ ├── seriouscat.gif │ ├── styles.css │ ├── supercomputer.gif │ ├── test_dev.php │ └── view.php ├── 24_write_xxe ├── README.md ├── app │ ├── .gitignore │ ├── Dockerfile │ ├── README.md │ ├── build.gradle │ ├── docker-compose.yml │ ├── flag │ │ └── flag.pdf │ ├── gradle │ │ └── wrapper │ │ │ ├── gradle-wrapper.jar │ │ │ └── gradle-wrapper.properties │ ├── gradlew │ ├── gradlew.bat │ └── src │ │ └── main │ │ ├── java │ │ └── net │ │ │ └── gosecure │ │ │ └── books │ │ │ ├── App1Application.java │ │ │ ├── controller │ │ │ ├── AdminController.java │ │ │ └── HomeController.java │ │ │ ├── init │ │ │ ├── SecurityConfig.java │ │ │ └── ServerConfiguration.java │ │ │ └── model │ │ │ └── BookForm.java │ │ └── resources │ │ ├── application.properties │ │ ├── data │ │ ├── doc_book_preview.xsl 
│ │ └── doc_book_sample.xml │ │ ├── static │ │ ├── backup │ │ │ ├── backup.sql │ │ │ └── index.htm │ │ ├── css │ │ │ ├── bootstrap.css │ │ │ ├── bootstrap.min.css │ │ │ ├── freelancer.css │ │ │ └── override.css │ │ ├── font-awesome │ │ │ ├── css │ │ │ │ ├── font-awesome.css │ │ │ │ └── font-awesome.min.css │ │ │ ├── fonts │ │ │ │ ├── FontAwesome.otf │ │ │ │ ├── fontawesome-webfont.eot │ │ │ │ ├── fontawesome-webfont.svg │ │ │ │ ├── fontawesome-webfont.ttf │ │ │ │ └── fontawesome-webfont.woff │ │ │ ├── less │ │ │ │ ├── bordered-pulled.less │ │ │ │ ├── core.less │ │ │ │ ├── fixed-width.less │ │ │ │ ├── font-awesome.less │ │ │ │ ├── icons.less │ │ │ │ ├── larger.less │ │ │ │ ├── list.less │ │ │ │ ├── mixins.less │ │ │ │ ├── path.less │ │ │ │ ├── rotated-flipped.less │ │ │ │ ├── spinning.less │ │ │ │ ├── stacked.less │ │ │ │ └── variables.less │ │ │ └── scss │ │ │ │ ├── _bordered-pulled.scss │ │ │ │ ├── _core.scss │ │ │ │ ├── _fixed-width.scss │ │ │ │ ├── _icons.scss │ │ │ │ ├── _larger.scss │ │ │ │ ├── _list.scss │ │ │ │ ├── _mixins.scss │ │ │ │ ├── _path.scss │ │ │ │ ├── _rotated-flipped.scss │ │ │ │ ├── _spinning.scss │ │ │ │ ├── _stacked.scss │ │ │ │ ├── _variables.scss │ │ │ │ └── font-awesome.scss │ │ ├── images │ │ │ ├── books │ │ │ │ ├── BreakingCrypto.png │ │ │ │ ├── Googling.jpg │ │ │ │ ├── Hoping.jpg │ │ │ │ ├── Pentesting.png │ │ │ │ └── UselessCommits.jpg │ │ │ └── logo.jpg │ │ ├── js │ │ │ ├── ace │ │ │ │ ├── ace.js │ │ │ │ ├── mode-html.js │ │ │ │ ├── mode-xml.js │ │ │ │ ├── theme-github.js │ │ │ │ └── theme-textmate.js │ │ │ ├── bootstrap.min.js │ │ │ ├── jquery-ace.min.js │ │ │ ├── jquery │ │ │ │ └── jquery-1.8.3.min.js │ │ │ └── json2.js │ │ └── robots.txt │ │ └── templates │ │ ├── admin_index.html │ │ ├── admin_upload.html │ │ ├── fragments │ │ └── layout.html │ │ └── index.html └── solution │ ├── malicious.xsl │ ├── slow_http_server.py │ ├── slowserver.jar │ └── xxe_exploit.py ├── README.md └── codelabs ├── .gitignore ├── README.md ├── assets ├── 
exercise1 │ ├── image10.png │ ├── image11.png │ ├── image12.png │ ├── image13.png │ ├── image14.png │ ├── image4.png │ ├── image5.png │ ├── image6.png │ ├── image7.png │ ├── image8.png │ └── image9.png ├── exercise2 │ ├── image10.png │ ├── image11.png │ ├── image12.png │ ├── image13.png │ ├── image14.png │ ├── image15.png │ ├── image16.png │ ├── image4.png │ ├── image5.png │ └── image9.png ├── exercise3 │ ├── image4.png │ ├── image5.png │ ├── image6.png │ ├── image7.png │ ├── image8.png │ └── image9.png ├── exercise4 │ ├── image13.png │ ├── image14.png │ ├── image15.png │ ├── image16.png │ ├── image4.png │ ├── image5.png │ ├── image6.png │ ├── image7.png │ ├── image8.png │ ├── image9.png │ ├── jar_browse.png │ ├── jar_slow_server.png │ └── jar_upload.png ├── exercise5 │ ├── image11.png │ ├── image12.png │ ├── image13.png │ ├── image14.png │ ├── image15.png │ ├── image4.png │ └── image9.png ├── intro │ ├── entity1.png │ ├── entity2.png │ ├── malicious_payload.png │ └── xml_everywhere.png ├── jar │ └── temp_file.png ├── local-dtd │ └── filename_exception.png └── out-of-bound │ ├── external_dtd.gif │ ├── out1.png │ └── out2.png └── index.md /21_rssviewer_xxe/.gitignore: -------------------------------------------------------------------------------- 1 | build/ 2 | classes/ 3 | .idea/ 4 | out/ 5 | .gradle/ -------------------------------------------------------------------------------- /21_rssviewer_xxe/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/Dockerfile -------------------------------------------------------------------------------- /21_rssviewer_xxe/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/README.md -------------------------------------------------------------------------------- /21_rssviewer_xxe/build.gradle: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/build.gradle -------------------------------------------------------------------------------- /21_rssviewer_xxe/docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/docker-compose.yml -------------------------------------------------------------------------------- /21_rssviewer_xxe/gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /21_rssviewer_xxe/gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/gradle/wrapper/gradle-wrapper.properties -------------------------------------------------------------------------------- /21_rssviewer_xxe/gradlew: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/gradlew -------------------------------------------------------------------------------- /21_rssviewer_xxe/gradlew.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/gradlew.bat -------------------------------------------------------------------------------- /21_rssviewer_xxe/secret/flag.txt: -------------------------------------------------------------------------------- 1 | Got it ! 
2 | flag-a407d7392e193159920bec5a0185bb5f 3 | -------------------------------------------------------------------------------- /21_rssviewer_xxe/src/main/java/net/gosecure/rssviewer/App1Application.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/src/main/java/net/gosecure/rssviewer/App1Application.java -------------------------------------------------------------------------------- /21_rssviewer_xxe/src/main/java/net/gosecure/rssviewer/AtomController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/src/main/java/net/gosecure/rssviewer/AtomController.java -------------------------------------------------------------------------------- /21_rssviewer_xxe/src/main/java/net/gosecure/rssviewer/model/RssInputForm.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/src/main/java/net/gosecure/rssviewer/model/RssInputForm.java -------------------------------------------------------------------------------- /21_rssviewer_xxe/src/main/java/net/gosecure/rssviewer/model/RssItem.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/src/main/java/net/gosecure/rssviewer/model/RssItem.java -------------------------------------------------------------------------------- /21_rssviewer_xxe/src/main/resources/application.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/src/main/resources/application.properties -------------------------------------------------------------------------------- 
/21_rssviewer_xxe/src/main/resources/static/css/core.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/src/main/resources/static/css/core.css -------------------------------------------------------------------------------- /21_rssviewer_xxe/src/main/resources/static/images/news-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/src/main/resources/static/images/news-icon.png -------------------------------------------------------------------------------- /21_rssviewer_xxe/src/main/resources/static/images/newspaper.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/src/main/resources/static/images/newspaper.png -------------------------------------------------------------------------------- /21_rssviewer_xxe/src/main/resources/static/images/user.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/src/main/resources/static/images/user.gif -------------------------------------------------------------------------------- /21_rssviewer_xxe/src/main/resources/templates/fragments/layout.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/src/main/resources/templates/fragments/layout.html -------------------------------------------------------------------------------- /21_rssviewer_xxe/src/main/resources/templates/index.html: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/src/main/resources/templates/index.html -------------------------------------------------------------------------------- /21_rssviewer_xxe/src/main/resources/templates/preview.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/21_rssviewer_xxe/src/main/resources/templates/preview.html -------------------------------------------------------------------------------- /22_dtd_xxe/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/Dockerfile -------------------------------------------------------------------------------- /22_dtd_xxe/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/README.md -------------------------------------------------------------------------------- /22_dtd_xxe/conf/tomcat-users.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/conf/tomcat-users.xml -------------------------------------------------------------------------------- /22_dtd_xxe/docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/docker-compose.yml -------------------------------------------------------------------------------- /22_dtd_xxe/secret/ab/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /22_dtd_xxe/secret/cdef/.gitkeep: -------------------------------------------------------------------------------- 1 | 
-------------------------------------------------------------------------------- /22_dtd_xxe/secret/g/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /22_dtd_xxe/secret/h/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /22_dtd_xxe/secret/ijk/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /22_dtd_xxe/secret/ijk/flag.txt: -------------------------------------------------------------------------------- 1 | Got it ! 2 | flag-ce926abb19bb8d6a79b6f5a346ec0b39 -------------------------------------------------------------------------------- /22_dtd_xxe/secret/lmop/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /22_dtd_xxe/solution/easy.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/solution/easy.xml -------------------------------------------------------------------------------- /22_dtd_xxe/solution/ftp_server.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/solution/ftp_server.rb -------------------------------------------------------------------------------- /22_dtd_xxe/solution/remote.dtd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/solution/remote.dtd -------------------------------------------------------------------------------- 
/22_dtd_xxe/solution/send_payload.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/solution/send_payload.xml -------------------------------------------------------------------------------- /22_dtd_xxe/solution/special/payloads.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /22_dtd_xxe/svg/pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/svg/pom.xml -------------------------------------------------------------------------------- /22_dtd_xxe/svg/src/main/java/com/h3xstream/webxxe/actions/CovertImageAction.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/svg/src/main/java/com/h3xstream/webxxe/actions/CovertImageAction.java -------------------------------------------------------------------------------- /22_dtd_xxe/svg/src/main/java/com/h3xstream/webxxe/actions/ImageTextUtil.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/svg/src/main/java/com/h3xstream/webxxe/actions/ImageTextUtil.java -------------------------------------------------------------------------------- /22_dtd_xxe/svg/src/main/resources/log4j.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/svg/src/main/resources/log4j.properties -------------------------------------------------------------------------------- /22_dtd_xxe/svg/src/main/resources/struts.xml: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/svg/src/main/resources/struts.xml -------------------------------------------------------------------------------- /22_dtd_xxe/svg/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/svg/src/main/webapp/WEB-INF/web.xml -------------------------------------------------------------------------------- /22_dtd_xxe/svg/src/main/webapp/_footer.jsp: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /22_dtd_xxe/svg/src/main/webapp/_header.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/svg/src/main/webapp/_header.jsp -------------------------------------------------------------------------------- /22_dtd_xxe/svg/src/main/webapp/index.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/svg/src/main/webapp/index.jsp -------------------------------------------------------------------------------- /22_dtd_xxe/svg/src/main/webapp/js/ace.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/svg/src/main/webapp/js/ace.js -------------------------------------------------------------------------------- /22_dtd_xxe/svg/src/main/webapp/js/jquery.min.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/svg/src/main/webapp/js/jquery.min.js -------------------------------------------------------------------------------- 
/22_dtd_xxe/svg/src/main/webapp/sorry.jsp: -------------------------------------------------------------------------------- 1 | Oups !! -------------------------------------------------------------------------------- /22_dtd_xxe/svg/src/test/java/server/StartServer.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/svg/src/test/java/server/StartServer.java -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/.gitignore: -------------------------------------------------------------------------------- 1 | ROOT -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/ROOT.war: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/ROOT.war -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/host-manager/META-INF/context.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/host-manager/META-INF/context.xml -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/host-manager/WEB-INF/jsp/401.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/host-manager/WEB-INF/jsp/401.jsp -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/host-manager/WEB-INF/jsp/403.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/host-manager/WEB-INF/jsp/403.jsp 
-------------------------------------------------------------------------------- /22_dtd_xxe/webapps/host-manager/WEB-INF/jsp/404.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/host-manager/WEB-INF/jsp/404.jsp -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/host-manager/WEB-INF/web.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/host-manager/WEB-INF/web.xml -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/host-manager/images/add.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/host-manager/images/add.gif -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/host-manager/images/asf-logo.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/host-manager/images/asf-logo.svg -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/host-manager/images/code.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/host-manager/images/code.gif -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/host-manager/images/design.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/host-manager/images/design.gif 
-------------------------------------------------------------------------------- /22_dtd_xxe/webapps/host-manager/images/docs.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/host-manager/images/docs.gif -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/host-manager/images/fix.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/host-manager/images/fix.gif -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/host-manager/images/tomcat.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/host-manager/images/tomcat.gif -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/host-manager/images/update.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/host-manager/images/update.gif -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/host-manager/images/void.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/host-manager/images/void.gif -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/host-manager/index.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/host-manager/index.jsp 
-------------------------------------------------------------------------------- /22_dtd_xxe/webapps/host-manager/manager.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/host-manager/manager.xml -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/META-INF/context.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/META-INF/context.xml -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/WEB-INF/jsp/401.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/WEB-INF/jsp/401.jsp -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/WEB-INF/jsp/403.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/WEB-INF/jsp/403.jsp -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/WEB-INF/jsp/404.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/WEB-INF/jsp/404.jsp -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/WEB-INF/jsp/connectorCiphers.jsp 
-------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/WEB-INF/jsp/sessionDetail.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/WEB-INF/jsp/sessionDetail.jsp -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/WEB-INF/jsp/sessionsList.jsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/WEB-INF/jsp/sessionsList.jsp -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/WEB-INF/web.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/WEB-INF/web.xml -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/images/add.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/images/add.gif -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/images/asf-logo.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/images/asf-logo.svg -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/images/code.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/images/code.gif 
-------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/images/design.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/images/design.gif -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/images/docs.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/images/docs.gif -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/images/fix.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/images/fix.gif -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/images/tomcat.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/images/tomcat.gif -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/images/update.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/images/update.gif -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/images/void.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/images/void.gif -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/index.jsp: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/index.jsp -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/status.xsd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/status.xsd -------------------------------------------------------------------------------- /22_dtd_xxe/webapps/manager/xform.xsl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/22_dtd_xxe/webapps/manager/xform.xsl -------------------------------------------------------------------------------- /23_encoding_xxe/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/Dockerfile -------------------------------------------------------------------------------- /23_encoding_xxe/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/README.md -------------------------------------------------------------------------------- /23_encoding_xxe/docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/docker-compose.yml -------------------------------------------------------------------------------- /23_encoding_xxe/solution/01_atom_feed.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/solution/01_atom_feed.xml 
-------------------------------------------------------------------------------- /23_encoding_xxe/solution/02_atom_feed_php.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/solution/02_atom_feed_php.xml -------------------------------------------------------------------------------- /23_encoding_xxe/src/.htaccess: -------------------------------------------------------------------------------- 1 | RedirectMatch 404 ".*\/\..*" 2 | -------------------------------------------------------------------------------- /23_encoding_xxe/src/.svn/entries: -------------------------------------------------------------------------------- 1 | 12 2 | -------------------------------------------------------------------------------- /23_encoding_xxe/src/.svn/format: -------------------------------------------------------------------------------- 1 | 12 2 | -------------------------------------------------------------------------------- /23_encoding_xxe/src/.svn/pristine/0b/0b60f7508b917e576e6754515f60ea7477cb4306.svn-base: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/src/.svn/pristine/0b/0b60f7508b917e576e6754515f60ea7477cb4306.svn-base -------------------------------------------------------------------------------- /23_encoding_xxe/src/.svn/pristine/1b/1b6d45105e448c10d3e0fa9237781c0970913174.svn-base: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/src/.svn/pristine/1b/1b6d45105e448c10d3e0fa9237781c0970913174.svn-base -------------------------------------------------------------------------------- /23_encoding_xxe/src/.svn/pristine/39/390c87ddfd9fb47ecf5db35b9e6cbe3213c9bea2.svn-base: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/src/.svn/pristine/39/390c87ddfd9fb47ecf5db35b9e6cbe3213c9bea2.svn-base -------------------------------------------------------------------------------- /23_encoding_xxe/src/.svn/pristine/85/85afee84135e7aabd58cc0450effab270e870667.svn-base: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/src/.svn/pristine/85/85afee84135e7aabd58cc0450effab270e870667.svn-base -------------------------------------------------------------------------------- /23_encoding_xxe/src/.svn/pristine/b1/b135a1900080f2a90163fb3ebfe13e84a4732533.svn-base: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/src/.svn/pristine/b1/b135a1900080f2a90163fb3ebfe13e84a4732533.svn-base -------------------------------------------------------------------------------- /23_encoding_xxe/src/.svn/pristine/c4/c496c279d4f3329b922f2ee9b0325a8a69783921.svn-base: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/src/.svn/pristine/c4/c496c279d4f3329b922f2ee9b0325a8a69783921.svn-base -------------------------------------------------------------------------------- /23_encoding_xxe/src/.svn/pristine/f9/f9ed4fe019e10c25eade1521dfec9eda67c63e91.svn-base: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/src/.svn/pristine/f9/f9ed4fe019e10c25eade1521dfec9eda67c63e91.svn-base -------------------------------------------------------------------------------- /23_encoding_xxe/src/.svn/wc.db: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/src/.svn/wc.db -------------------------------------------------------------------------------- /23_encoding_xxe/src/.svn/wc.db-journal: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /23_encoding_xxe/src/back_mtl.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/src/back_mtl.jpg -------------------------------------------------------------------------------- /23_encoding_xxe/src/index.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/src/index.php -------------------------------------------------------------------------------- /23_encoding_xxe/src/seriouscat.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/src/seriouscat.gif -------------------------------------------------------------------------------- /23_encoding_xxe/src/styles.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/src/styles.css -------------------------------------------------------------------------------- /23_encoding_xxe/src/supercomputer.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/src/supercomputer.gif -------------------------------------------------------------------------------- /23_encoding_xxe/src/test_dev.php: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/src/test_dev.php -------------------------------------------------------------------------------- /23_encoding_xxe/src/view.php: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/23_encoding_xxe/src/view.php -------------------------------------------------------------------------------- /24_write_xxe/README.md: -------------------------------------------------------------------------------- 1 | See the [app](./app) directory for build instructions. -------------------------------------------------------------------------------- /24_write_xxe/app/.gitignore: -------------------------------------------------------------------------------- 1 | build/ 2 | classes/ 3 | .idea/ 4 | out/ 5 | .gradle/ -------------------------------------------------------------------------------- /24_write_xxe/app/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/Dockerfile -------------------------------------------------------------------------------- /24_write_xxe/app/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/README.md -------------------------------------------------------------------------------- /24_write_xxe/app/build.gradle: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/build.gradle -------------------------------------------------------------------------------- /24_write_xxe/app/docker-compose.yml: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/docker-compose.yml -------------------------------------------------------------------------------- /24_write_xxe/app/flag/flag.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/flag/flag.pdf -------------------------------------------------------------------------------- /24_write_xxe/app/gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /24_write_xxe/app/gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/gradle/wrapper/gradle-wrapper.properties -------------------------------------------------------------------------------- /24_write_xxe/app/gradlew: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/gradlew -------------------------------------------------------------------------------- /24_write_xxe/app/gradlew.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/gradlew.bat -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/java/net/gosecure/books/App1Application.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/java/net/gosecure/books/App1Application.java 
-------------------------------------------------------------------------------- /24_write_xxe/app/src/main/java/net/gosecure/books/controller/AdminController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/java/net/gosecure/books/controller/AdminController.java -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/java/net/gosecure/books/controller/HomeController.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/java/net/gosecure/books/controller/HomeController.java -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/java/net/gosecure/books/init/SecurityConfig.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/java/net/gosecure/books/init/SecurityConfig.java -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/java/net/gosecure/books/init/ServerConfiguration.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/java/net/gosecure/books/init/ServerConfiguration.java -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/java/net/gosecure/books/model/BookForm.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/java/net/gosecure/books/model/BookForm.java -------------------------------------------------------------------------------- 
/24_write_xxe/app/src/main/resources/application.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/application.properties -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/data/doc_book_preview.xsl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/data/doc_book_preview.xsl -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/data/doc_book_sample.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/data/doc_book_sample.xml -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/backup/backup.sql: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/backup/backup.sql -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/backup/index.htm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/backup/index.htm -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/css/bootstrap.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/css/bootstrap.css 
-------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/css/bootstrap.min.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/css/bootstrap.min.css -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/css/freelancer.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/css/freelancer.css -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/css/override.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/css/override.css -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/css/font-awesome.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/css/font-awesome.css -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/css/font-awesome.min.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/css/font-awesome.min.css -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/fonts/FontAwesome.otf: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/fonts/FontAwesome.otf -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/fonts/fontawesome-webfont.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/fonts/fontawesome-webfont.eot -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/fonts/fontawesome-webfont.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/fonts/fontawesome-webfont.svg -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/fonts/fontawesome-webfont.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/fonts/fontawesome-webfont.ttf -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/fonts/fontawesome-webfont.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/fonts/fontawesome-webfont.woff -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/less/bordered-pulled.less: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/less/bordered-pulled.less -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/less/core.less: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/less/core.less -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/less/fixed-width.less: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/less/fixed-width.less -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/less/font-awesome.less: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/less/font-awesome.less -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/less/icons.less: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/less/icons.less -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/less/larger.less: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/less/larger.less -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/less/list.less: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/less/list.less -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/less/mixins.less: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/less/mixins.less -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/less/path.less: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/less/path.less -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/less/rotated-flipped.less: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/less/rotated-flipped.less -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/less/spinning.less: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/less/spinning.less -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/less/stacked.less: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/less/stacked.less -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/less/variables.less: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/less/variables.less -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/scss/_bordered-pulled.scss: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/scss/_bordered-pulled.scss -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/scss/_core.scss: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/scss/_core.scss -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/scss/_fixed-width.scss: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/scss/_fixed-width.scss -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/scss/_icons.scss: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/scss/_icons.scss -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/scss/_larger.scss: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/scss/_larger.scss -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/scss/_list.scss: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/scss/_list.scss -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/scss/_mixins.scss: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/scss/_mixins.scss -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/scss/_path.scss: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/scss/_path.scss 
-------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/scss/_rotated-flipped.scss: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/scss/_rotated-flipped.scss -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/scss/_spinning.scss: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/scss/_spinning.scss -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/scss/_stacked.scss: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/scss/_stacked.scss -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/scss/_variables.scss: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/scss/_variables.scss -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/font-awesome/scss/font-awesome.scss: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/font-awesome/scss/font-awesome.scss -------------------------------------------------------------------------------- 
/24_write_xxe/app/src/main/resources/static/images/books/BreakingCrypto.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/images/books/BreakingCrypto.png -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/images/books/Googling.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/images/books/Googling.jpg -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/images/books/Hoping.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/images/books/Hoping.jpg -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/images/books/Pentesting.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/images/books/Pentesting.png -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/images/books/UselessCommits.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/images/books/UselessCommits.jpg -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/images/logo.jpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/images/logo.jpg -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/js/ace/ace.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/js/ace/ace.js -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/js/ace/mode-html.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/js/ace/mode-html.js -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/js/ace/mode-xml.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/js/ace/mode-xml.js -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/js/ace/theme-github.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/js/ace/theme-github.js -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/js/ace/theme-textmate.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/js/ace/theme-textmate.js -------------------------------------------------------------------------------- 
/24_write_xxe/app/src/main/resources/static/js/bootstrap.min.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/js/bootstrap.min.js -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/js/jquery-ace.min.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/js/jquery-ace.min.js -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/js/jquery/jquery-1.8.3.min.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/js/jquery/jquery-1.8.3.min.js -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/js/json2.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/js/json2.js -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/static/robots.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/static/robots.txt -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/templates/admin_index.html: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/templates/admin_index.html -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/templates/admin_upload.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/templates/admin_upload.html -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/templates/fragments/layout.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/templates/fragments/layout.html -------------------------------------------------------------------------------- /24_write_xxe/app/src/main/resources/templates/index.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/app/src/main/resources/templates/index.html -------------------------------------------------------------------------------- /24_write_xxe/solution/malicious.xsl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/solution/malicious.xsl -------------------------------------------------------------------------------- /24_write_xxe/solution/slow_http_server.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/solution/slow_http_server.py -------------------------------------------------------------------------------- /24_write_xxe/solution/slowserver.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/solution/slowserver.jar -------------------------------------------------------------------------------- /24_write_xxe/solution/xxe_exploit.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/24_write_xxe/solution/xxe_exploit.py -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/README.md -------------------------------------------------------------------------------- /codelabs/.gitignore: -------------------------------------------------------------------------------- 1 | xxe-workshop -------------------------------------------------------------------------------- /codelabs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/README.md -------------------------------------------------------------------------------- /codelabs/assets/exercise1/image10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise1/image10.png -------------------------------------------------------------------------------- /codelabs/assets/exercise1/image11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise1/image11.png -------------------------------------------------------------------------------- /codelabs/assets/exercise1/image12.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise1/image12.png -------------------------------------------------------------------------------- /codelabs/assets/exercise1/image13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise1/image13.png -------------------------------------------------------------------------------- /codelabs/assets/exercise1/image14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise1/image14.png -------------------------------------------------------------------------------- /codelabs/assets/exercise1/image4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise1/image4.png -------------------------------------------------------------------------------- /codelabs/assets/exercise1/image5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise1/image5.png -------------------------------------------------------------------------------- /codelabs/assets/exercise1/image6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise1/image6.png -------------------------------------------------------------------------------- /codelabs/assets/exercise1/image7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise1/image7.png -------------------------------------------------------------------------------- 
/codelabs/assets/exercise1/image8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise1/image8.png -------------------------------------------------------------------------------- /codelabs/assets/exercise1/image9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise1/image9.png -------------------------------------------------------------------------------- /codelabs/assets/exercise2/image10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise2/image10.png -------------------------------------------------------------------------------- /codelabs/assets/exercise2/image11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise2/image11.png -------------------------------------------------------------------------------- /codelabs/assets/exercise2/image12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise2/image12.png -------------------------------------------------------------------------------- /codelabs/assets/exercise2/image13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise2/image13.png -------------------------------------------------------------------------------- /codelabs/assets/exercise2/image14.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise2/image14.png -------------------------------------------------------------------------------- /codelabs/assets/exercise2/image15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise2/image15.png -------------------------------------------------------------------------------- /codelabs/assets/exercise2/image16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise2/image16.png -------------------------------------------------------------------------------- /codelabs/assets/exercise2/image4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise2/image4.png -------------------------------------------------------------------------------- /codelabs/assets/exercise2/image5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise2/image5.png -------------------------------------------------------------------------------- /codelabs/assets/exercise2/image9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise2/image9.png -------------------------------------------------------------------------------- /codelabs/assets/exercise3/image4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise3/image4.png -------------------------------------------------------------------------------- 
/codelabs/assets/exercise3/image5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise3/image5.png -------------------------------------------------------------------------------- /codelabs/assets/exercise3/image6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise3/image6.png -------------------------------------------------------------------------------- /codelabs/assets/exercise3/image7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise3/image7.png -------------------------------------------------------------------------------- /codelabs/assets/exercise3/image8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise3/image8.png -------------------------------------------------------------------------------- /codelabs/assets/exercise3/image9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise3/image9.png -------------------------------------------------------------------------------- /codelabs/assets/exercise4/image13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise4/image13.png -------------------------------------------------------------------------------- /codelabs/assets/exercise4/image14.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise4/image14.png -------------------------------------------------------------------------------- /codelabs/assets/exercise4/image15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise4/image15.png -------------------------------------------------------------------------------- /codelabs/assets/exercise4/image16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise4/image16.png -------------------------------------------------------------------------------- /codelabs/assets/exercise4/image4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise4/image4.png -------------------------------------------------------------------------------- /codelabs/assets/exercise4/image5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise4/image5.png -------------------------------------------------------------------------------- /codelabs/assets/exercise4/image6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise4/image6.png -------------------------------------------------------------------------------- /codelabs/assets/exercise4/image7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise4/image7.png -------------------------------------------------------------------------------- 
/codelabs/assets/exercise4/image8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise4/image8.png -------------------------------------------------------------------------------- /codelabs/assets/exercise4/image9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise4/image9.png -------------------------------------------------------------------------------- /codelabs/assets/exercise4/jar_browse.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise4/jar_browse.png -------------------------------------------------------------------------------- /codelabs/assets/exercise4/jar_slow_server.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise4/jar_slow_server.png -------------------------------------------------------------------------------- /codelabs/assets/exercise4/jar_upload.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise4/jar_upload.png -------------------------------------------------------------------------------- /codelabs/assets/exercise5/image11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise5/image11.png -------------------------------------------------------------------------------- /codelabs/assets/exercise5/image12.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise5/image12.png -------------------------------------------------------------------------------- /codelabs/assets/exercise5/image13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise5/image13.png -------------------------------------------------------------------------------- /codelabs/assets/exercise5/image14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise5/image14.png -------------------------------------------------------------------------------- /codelabs/assets/exercise5/image15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise5/image15.png -------------------------------------------------------------------------------- /codelabs/assets/exercise5/image4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise5/image4.png -------------------------------------------------------------------------------- /codelabs/assets/exercise5/image9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/exercise5/image9.png -------------------------------------------------------------------------------- /codelabs/assets/intro/entity1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/intro/entity1.png -------------------------------------------------------------------------------- 
/codelabs/assets/intro/entity2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/intro/entity2.png -------------------------------------------------------------------------------- /codelabs/assets/intro/malicious_payload.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/intro/malicious_payload.png -------------------------------------------------------------------------------- /codelabs/assets/intro/xml_everywhere.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/intro/xml_everywhere.png -------------------------------------------------------------------------------- /codelabs/assets/jar/temp_file.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/jar/temp_file.png -------------------------------------------------------------------------------- /codelabs/assets/local-dtd/filename_exception.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/local-dtd/filename_exception.png -------------------------------------------------------------------------------- /codelabs/assets/out-of-bound/external_dtd.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/out-of-bound/external_dtd.gif -------------------------------------------------------------------------------- /codelabs/assets/out-of-bound/out1.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/out-of-bound/out1.png -------------------------------------------------------------------------------- /codelabs/assets/out-of-bound/out2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/assets/out-of-bound/out2.png -------------------------------------------------------------------------------- /codelabs/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GoSecure/xxe-workshop/HEAD/codelabs/index.md --------------------------------------------------------------------------------