We demonstrated and explained practically XML External Entity Injection using OWASP WebGoat lab.

An XML External Entity (XXE) attack is a vulnerability that abuses features of XML parsers/data. It often allows an attacker to interact with any backend or external systems that the application itself can access and can allow the attacker to read the file on that system. They can also cause Denial of Service (DoS) attack or could use XXE to perform Server-Side Request Forgery (SSRF) inducing the web application to make requests to other applications. XXE may even enable port scanning and lead to remote code execution..

Get OSCP Certificate Notes

The Complete Practical Web Application Penetration Testing Course

Video Walkthrough

CTF Writeup, OWASP, OWASP Webgoat, Penetration Testing, XML, XML Internal Entity Injection

Show Comments

Motasem

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles

XML External Entity Injection Explained | EP1 | OWASP WebGoat

Leave a Reply Cancel reply

Motasem

About the Author

Other stories

Javascript validation Bypass Explained | OWASP WebGoat

String SQL Injection Vulnerability Explained | EP3 | OWASP WebGoat

Press ESC to close

XML External Entity Injection Explained | EP1 | OWASP WebGoat

Leave a Reply Cancel reply

Motasem

About the Author

Share Article:

Other stories

Javascript validation Bypass Explained | OWASP WebGoat

String SQL Injection Vulnerability Explained | EP3 | OWASP WebGoat