Where to look for bugs?

WHERE TO LOOK FOR XXS?"

"WHERE TO LOOK FOR CSRF?"

“WHERE TO LOOK FOR IDOR?”

“WHERE TO LOOK FOR PE?”

"WHERE TO LOOK FOR SSRF?"

"WHERE TO LOOK FOR RCE?"

"WHERE TO LOOK FOR XXE?"

"WHERE TO LOOK FOR LFI?"

"WHERE TO LOOK FOR RFI?"

"WHERE TO LOOK FOR COMMAND INJECTION?"

"WHERE TO LOOK FOR SQLi?"

"WHERE TO LOOK FOR ANY INJECTION BUG?"

"WHERE TO LOOK FOR LOGIC BUG?"

"WHERE TO LOOK FOR WAF-BYPASS?"

https://www.bugcrowd.com/blog/how-to-find-xxe-bugs/

This is Luke Stephens Example & Add your with expreince.

WHERE TO LOOK FOR XXE?

**In a nutshell, XXE should be tested whenever XML is parsed, which is probably more common than you think. Below is a list of ideas:

  • XML APIs
  • SOAP APIs
  • Anywhere that a Microsoft office (docx/xlxs/pptx/etc.) file is parsed. These are just zip files filled with XML files.
  • RSS feed parsers (RSS feeds are just XML)
  • SAML Authentication
  • HTML parsing (for example, converting HTML to a PDF)
  • Functionality that parses sitemap.xml files
  • Functionality that parses SVG files **

thanks for the awesome information.