11XML EXTERNAL ENTITY

Image

Attackers can exploit how an application parses eXtensible Markup Language (XML) by taking advantage of an XML External Entity (XXE) vulnerability. More specifically, it involves exploiting how the application processes the inclusion of external entities in its input. You can use an XXE to extract information from a server or to call on a malicious server.

eXtensible Markup Language

This vulnerability takes advantage of the external entities used in XML. XML is a metalanguage, meaning it’s used to describe other languages. It was developed as a response to the shortcomings of HTML, which can define only how data is displayed ...

Get Real-World Bug Hunting now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.