O'Reilly logo

Real-World Bug Hunting by Peter Yaworski

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

11XML EXTERNAL ENTITY

Image

Attackers can exploit how an application parses eXtensible Markup Language (XML) by taking advantage of an XML External Entity (XXE) vulnerability. More specifically, it involves exploiting how the application processes the inclusion of external entities in its input. You can use an XXE to extract information from a server or to call on a malicious server.

eXtensible Markup Language

This vulnerability takes advantage of the external entities used in XML. XML is a metalanguage, meaning it’s used to describe other languages. It was developed as a response to the shortcomings of HTML, which can define only how data is displayed ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required