Security – XXE external entity attack.
XXE, short for XML eXternal Entities, is an application security weakness that arises when compromised data is processed by an insecurely configured XML parser. XML files may contain a document type definition (DTD), which describes the structure of an XML file. A DTD allows us to define and use XML entities. Let's see one example:
```xml
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE order [
  <!ENTITY lol SYSTEM "file:///D:/texts.txt">
]>
<order>
  <itemID>&lol;</itemID>
</order>
```
If…
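An added example, not part of the original post: a Python pre-parse gate that uses the standard library's expat bindings to list the DOCTYPE and entity declarations in an order document like the one above, and refuses to hand the document to the application parser when any are present. The names `dtd_findings`, `parse_order`, `DTDForbidden` and the clean sample order are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class DTDForbidden(ValueError):
    """Raised when untrusted XML carries a DOCTYPE or entity declaration."""


def dtd_findings(xml_bytes):
    """List DOCTYPE and entity declarations without resolving any entity."""
    findings = []
    scanner = expat.ParserCreate()
    # No ExternalEntityRefHandler is installed, so nothing is ever fetched.

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(("doctype", name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "external-entity" if system_id else "internal-entity"
        findings.append((kind, name, system_id))

    scanner.StartDoctypeDeclHandler = on_doctype
    scanner.EntityDeclHandler = on_entity
    scanner.Parse(xml_bytes, True)  # raises expat.ExpatError on malformed XML
    return findings


def parse_order(xml_bytes):
    """Return the itemID text, refusing any document that declares a DTD."""
    findings = dtd_findings(xml_bytes)
    if findings:
        raise DTDForbidden(f"DTD content rejected: {findings}")
    return ET.fromstring(xml_bytes).findtext("itemID")


# Constructed sample inputs: the page's document and a DTD-free order.
PAGE_SAMPLE = (b'<?xml version="1.0" encoding="utf-8" ?>\n'
               b'<!DOCTYPE order [\n'
               b'  <!ENTITY lol SYSTEM "file:///D:/texts.txt">\n'
               b']>\n'
               b'<order><itemID>&lol;</itemID></order>')
CLEAN_ORDER = b'<order><itemID>A-1001</itemID></order>'

if __name__ == "__main__":
    print(dtd_findings(PAGE_SAMPLE))
    print(parse_order(CLEAN_ORDER))
```

The findings list is also suitable for logging, since it records the system identifier each rejected document tried to reference.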