Showing posts from June, 2020

13 - XXE in XMage Client <= 1.4.42V7

Lately, I've been doing quite a bit of SCR engagements for work. In my efforts to become a little better, I've been doing more on my own time. I enjoy code review, but alas, like anything else, it can get boring at times. In order to make it not quite so boring, I look for applications that interest me. One application I started poking around with is named XMage -- it's a Java application that a few friends and I use to play MtG. While admittedly a little bit clunky, XMage does a phenomenal job at rules enforcement, something similar clients don't even attempt. In fact, so good a job it's likely you'll find out that some cards really don't work like you think they do (total buzzkill). XMage is open source and has some great documentation. I got the latest build set up in IDEA with the help of Maven and began by running SpotBugs against the Client and Server. To my dismay, the results were mega boring. Instead of just trus