Whenever we pen test an application and see that its functionality relies on XML parsing in the backend, we test the app for XML injection issues. Usually we use an XML parser to check whether the client application's XML document is properly formatted. We also validate the XML documents with that parser. Using XML parsers in this way is a normal procedure before penetration testing any application for XML injection issues. This type of XML injection can cause medium to severe damage to the application. It can alter the intended logic of the ...
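As an added illustration (not code from the book), the Python sketch below shows why a well-formedness check alone does not reveal XML injection: a document built by string concatenation still parses cleanly after input has changed its structure. The `<user>`/`<role>` document, the function names and the sample input are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample input: closes <name> early and adds its own <role>.
INJECTED = "bob</name><role>admin</role><name>x"

def build_unsafe(username):
    # Vulnerable pattern: input concatenated straight into the markup.
    return "<user><name>" + username + "</name><role>guest</role></user>"

def build_safe(username):
    # escape() encodes &, < and > so the input stays character data.
    return "<user><name>" + escape(username) + "</name><role>guest</role></user>"

def well_formed(doc):
    # The parser check described above: does the document parse at all?
    try:
        ET.fromstring(doc)
        return True
    except ET.ParseError:
        return False

def roles(doc):
    # Every <role> value a backend consumer could end up reading.
    return [e.text for e in ET.fromstring(doc).iter("role")]

def name_text(doc):
    # Text of the first <name> element.
    return ET.fromstring(doc).find("name").text

def has_expected_shape(doc):
    # Structural validation: exactly <name> then <role>, nothing else.
    root = ET.fromstring(doc)
    return root.tag == "user" and [c.tag for c in root] == ["name", "role"]

if __name__ == "__main__":
    for label, doc in (("unsafe", build_unsafe(INJECTED)),
                       ("safe", build_safe(INJECTED))):
        print(label, well_formed(doc), roles(doc), has_expected_shape(doc))
```

The unsafe document is well formed yet carries two `<role>` elements, so only the structural check (or encoding the input before it is placed in the document) catches the change.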
8. Injecting Unintended XML
Get Bug Bounty Hunting for Web Security: Find and Exploit Vulnerabilities in Web sites and Applications now with the O’Reilly learning platform.