~/saurinn
>Web application security blog
>Bug bounty hunting stuff
Articles
View All- From PDF to Pwn: An Out-of-Band XXE via a vulnerable iText Library
This article explains how I found an XML External Entity (XXE) injection through a specially crafted PDF file.
Aug 23, 2025
8 min