© Sanjib Sinha 2019
Sanjib Sinha, Bug Bounty Hunting for Web Security, https://doi.org/10.1007/978-1-4842-5391-5_8

8. Injecting Unintended XML

Sanjib Sinha
Howrah, West Bengal, India
Whenever we pen test an application and see that its functionality relies on XML parsing in the backend, we test the app for XML injection issues. Usually we use an XML parser to check whether the client application’s XML document is properly formatted, and we also validate the XML documents with that parser. Using XML parsers in this way is a normal procedure before penetration testing any application for XML injection issues. This type of XML injection can cause medium to severe damage to the application. It can alter the intended logic ...
