Exploiting The Entity: XXE (XML External Entity Injection)

History In the recent year, major tech giants, like Google, Facebook, Magento, Shopify, Uber, Twitter, and Microsoft, have undergone XML External Entity attacks on their major applications. One such vulnerability that has been around for many years is XML external entity injection or XXE. For example, this vulnerability can be....

Read the rest of this story with a free account.

Already have an account? Sign in

September 6, 2018

Author

Bartek Adach

Latest Articles

Blog2022.12.28Cybersecurity in Education: What Parents, Teachers, and Students Should Know in 2023
Blog2022.12.15Remembering Leonard Jacobs
Blog2022.09.30VPN Security: A Pentester's Guide to VPN Vulnerabilities
Blog2022.08.09AppSec Tales II | Sign-in

This site uses Akismet to reduce spam. Learn how your comment data is processed.

2 Comments

Newest

Oldest Most Voted

Inline Feedbacks

View all comments

nutthaphon

5 years ago

test.txt in captured image it show 255.255.255.192 not 255.255.255.254 from explanation , It must be the same? or I am misunderstanding

Andrewjerome

5 years ago

Reply to nutthaphon

Its a typo error, it should be 255.255.255.192 only @nutthaphon, Apart from that this article is so good. Keep it up, Man. Personally you showed some real time attack, apart from other ppl showing DVWA and other vulnerable applications.

Exploiting The Entity: XXE (XML External Entity Injection)

Author

Latest Articles

Join Us

https://pentestmag.com/wp-content/uploads/2023/06/PenTeswhitet.svg

Exploiting The Entity: XXE (XML External Entity Injection)

Author

Latest Articles

Join Us

Thank you!

https://pentestmag.com/wp-content/uploads/2023/06/PenTeswhitet.svg