11XML EXTERNAL ENTITY
Attackers can exploit how an application parses eXtensible Markup Language (XML) by taking advantage of an XML External Entity (XXE) vulnerability. More specifically, it involves exploiting how the application processes the inclusion of external entities in its input. You can use an XXE to extract information from a server or to call on a malicious server.
eXtensible Markup Language
This vulnerability takes advantage of the external entities used in XML. XML is a metalanguage, meaning it’s used to describe other languages. It was developed as a response to the shortcomings of HTML, which can define only how data is displayed ...
Get Real-World Bug Hunting now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
