We demonstrated and explained practically XML External Entity Injection using OWASP WebGoat lab.

An XML External Entity (XXE) attack is a vulnerability that abuses features of XML parsers/data. It often allows an attacker to interact with any backend or external systems that the application itself can access and can allow the attacker to read the file on that system. They can also cause Denial of Service (DoS) attack or could use XXE to perform Server-Side Request Forgery (SSRF) inducing the web application to make requests to other applications. XXE may even enable port scanning and lead to remote code execution..

Get OSCP Certificate Notes

The Complete Practical Web Application Penetration Testing Course

Video Walkthrough

CTF Writeups, OWASP, OWASP Webgoat, Penetration Testing, XML, XML Internal Entity Injection

Show Comments

The MasterMinds Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles

XML External Entity Injection Explained | EP1 | OWASP WebGoat

Leave a Reply Cancel reply

The MasterMinds Notes

About the Author

Other stories

Javascript validation Bypass Explained | OWASP WebGoat

String SQL Injection Vulnerability Explained | EP3 | OWASP WebGoat

Press ESC to close

XML External Entity Injection Explained | EP1 | OWASP WebGoat

Leave a Reply Cancel reply

The MasterMinds Notes

About the Author

Share Article:

You might also like

Web Application Basics | TryHackMe Walkthrough

HackTheBox Sherlock: Meerkat Writeup and Walkthrough

LLM & AI Hacking: How AI is Being Exploited by Hackers | TryHackMe EvilGPT 1 & 2

Other stories

Javascript validation Bypass Explained | OWASP WebGoat

String SQL Injection Vulnerability Explained | EP3 | OWASP WebGoat