XML External Entity (XXE)


An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.

GitHub Source

https://github.com/vulnspy/phpaudit-XXE

Reference

XML External Entity (XXE) Processing - https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
未知攻焉知防——XXE漏洞攻防- 博客- 腾讯安全应急响应中心 - https://security.tencent.com/index.php/blog/msg/69
What is XML External Entity (XXE)? - https://www.acunetix.com/blog/articles/xml-external-entity-xxe-vulnerabilities/

All rights reserved. © 2018 VULNSPY