Yasin Soliman


I'm Yasin, a security analyst and researcher from the UK. This is my personal blog for sharing technical findings. I also write for Graham Cluley and Tripwire.


From RSS to XXE: feed parsing on Hootsuite

Mike Knoop's research into XXE exploitation inspired me to experiment with RSS parsing on Hootsuite. These vulnerabilities arise when a parser validates and processes XML-based input which contains references to an external entity. Within fifteen minutes of testing, I had gained a pingback and demonstrated an exfiltration of /etc/issue.…
