Analysis of XXE 0days in PHPSpreadsheet < 3.4.0
We deep-dive into how it has been possible to find two XXE 0day vulnerabilities in PHPSPreadsheet, bypassing the actual defences and subsequent fixes.
Saving a payload in VIM can actually run it
Have you ever used VIM to save an XXE payload found on the web? If yes, the editor may have done an HTTP request without your knowledge.