Playing with Content-Type – XXE on JSON Endpoints
Tags
attack-pattern: Data Exploits - T1587.004 Exploits - T1588.005 Server - T1583.004 Server - T1584.004 Web Service - T1481 Web Services - T1583.006 Web Services - T1584.006 Web Service - T1102
Show in Graph
Common Information
Type Value
UUID a41e3193-f13a-4f87-a3a1-b7a518540ca4
Fingerprint 395aa91b380a26c6
Analysis status DONE
Considered CTI value 0
Text language
Published April 20, 2015, 7 a.m.
Added to db Jan. 18, 2023, 8:38 p.m.
Last updated Sept. 3, 2024, 6:38 a.m.
Headline Playing with Content-Type – XXE on JSON Endpoints
Title Playing with Content-Type – XXE on JSON Endpoints
Detected Hints/Tags/Attributes 18/1/2
Source URLs
Redirection Url
Details Source https://blog.netspi.com/playing-content-type-xxe-json-endpoints/
URL Provider
Details Provider Source level domain
Details netspi.com blog.netspi.com
Attributes
Details Type #Events CTI Value
Details Domain 2 
someserver.netspi.com
Details File 6 
org.xml