
Offensive Approach To Hunt Bugs

XML external entity injection (XXE) allows unintended XML content and structures to alter the logic of an XML application. To hunt for XXE vulnerabilities, inject XML or special characters into input parameters and check for XML parsing errors. Also check input parameters specified as XML in a web service's WSDL document. Use intruder tools to inject XML payloads to retrieve system configuration files.

XXE
Background Concept XXE
XML Injection is an attack technique used to manipulate or compromise the logic of
an XML application or service. The injection of unintended XML content and/or
structures into an XML message can alter the intended logic of the application.

Hunting for XXE


Attempt to inject XML or reserved characters into input parameters and observe if
XML parsing errors are generated.

For web services, check each input parameter specified in the WSDL document for
those of type XML.

Use intruder to inject XML payloads to fetch system configuration files.
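The checks above rely on two things: a parser that accepts DTD and entity declarations, and parse errors that are visible to the client. The following added example (not part of the original slides) closes both on the server side; the function names, the `handle_request` wrapper and the sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class RejectedXML(ValueError):
    """Input declared a DTD or entity, or was not well-formed."""


def _forbid(what):
    # Build an expat handler that aborts parsing as soon as it fires.
    def handler(*_args):
        raise RejectedXML(what)
    return handler


def parse_untrusted(data: bytes) -> ET.Element:
    """Screen the document with expat, then build the tree only if it passes."""
    screen = expat.ParserCreate()
    screen.StartDoctypeDeclHandler = _forbid("doctype declaration")
    screen.EntityDeclHandler = _forbid("entity declaration")
    screen.UnparsedEntityDeclHandler = _forbid("unparsed entity declaration")
    screen.ExternalEntityRefHandler = _forbid("external entity reference")
    try:
        screen.Parse(data, True)
    except expat.ExpatError as exc:
        raise RejectedXML("not well-formed") from exc
    return ET.fromstring(data)


def handle_request(body: bytes):
    """Hypothetical endpoint: returns (status, client message, server-side log)."""
    try:
        root = parse_untrusted(body)
    except RejectedXML as exc:
        # The reason stays in the log; the client sees one generic message,
        # so parser errors cannot be used to probe how input is handled.
        return 400, "invalid request", f"xml rejected: {exc}"
    return 200, root.findtext("name", default=""), None


# Constructed sample inputs (the SYSTEM identifier is a placeholder).
BENIGN = b"<user><name>alice</name></user>"
WITH_ENTITY = (b'<?xml version="1.0"?>'
               b'<!DOCTYPE user [<!ENTITY x SYSTEM "file:///placeholder/path">]>'
               b"<user><name>&x;</name></user>")
BROKEN = b"<user><name>alice</user>"
```

Rejecting every DOCTYPE is stricter than disabling external entities alone and is appropriate for services that never need DTDs.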
