© Sanjib Sinha 2019. Sanjib Sinha, Bug Bounty Hunting for Web Security, https://doi.org/10.1007/978-1-4842-5391-5_8
8. Injecting Unintended XML
Howrah, West Bengal, India
Whenever we pen test an application and see that its functionality relies on XML parsing in the backend, we test the app for XML injection issues. Usually we use an XML parser to check whether the client application’s XML document is properly formatted. We also validate the XML documents with that parser. Using XML parsers is a normal procedure before penetration testing any application for XML injection issues. This type of XML injection can cause medium to severe damage to the application. It can alter the intended logic ...