all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Decoding XML Vulnerabilities: From Basics to Exploits in XML External Entities

Add to bookmarks
Sept. 27, 2023, 10:35 a.m. | Gowthamaraj Rajendran (@fuffsec)

System Weakness - Medium systemweakness.com

Source

Vulnerabilities within XML parsing can act as the exploitation point for many systems. Combined, they can lead to severe consequences, including data leaks, SSRF, service disruptions, and even remote command or code execution.

Introduction to XML

This post aims to explain the syntax and concepts of XML entities, which could be used as potential cyber attack vectors if not understood completely.

XML combines markup and content, using tags as its primary form of markup to structure and validate data …

ctf owasp security web security xxe

Visit resource

More from systemweakness.com / System Weakness - Medium

IDOR Attacks Demystified: How They Work and How to Prevent Them 3 days, 17 hours ago | systemweakness.com
attacks business compromise confidentiality +13
How does Single Sign-on (SSO) interact with Active Directory (AD) and Outlook? 3 days, 17 hours ago | systemweakness.com
access active directory applications authentication +15
OSI Model & TCP/IP Comparison 3 days, 17 hours ago | systemweakness.com
access communication deals frameworks +14
First AD home lab 4 days, 13 hours ago | systemweakness.com
access active directory building can +17
3 Steps to protect yourself from Prompt Injection 4 days, 13 hours ago | systemweakness.com
prompt-engineering prompt injection security
Clocky | TryHackMe Write-up 5 days, 12 hours ago | systemweakness.com
ctf ctf-writeup tryhackme tryhackme-walkthrough +1
Bypassing Aquatone’s lack of ability to take screenshots of private websites 5 days, 12 hours ago | systemweakness.com
automation cybersecurity hacking pentesting +1
Tuesday Morning Threat Report: Apr 30, 2024 5 days, 12 hours ago | systemweakness.com
analysis artificial intelligence bad customers +21
Staying Anonymous — Ethical Hacking as a Beginner [09] 5 days, 12 hours ago | systemweakness.com
anonymous beginner communication cybersecurity +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Director, Cyber Risk

@ Kroll | South Africa
View on infosec-jobs.com

Security Engineer, XRM

@ Meta | New York City
View on infosec-jobs.com

Security Analyst 3

@ Oracle | Romania
View on infosec-jobs.com

Internship - Cyber Security Operations

@ SES | Betzdorf, LU
View on infosec-jobs.com

Principal Product Manager (Network/Security Management) - NetSec

@ Palo Alto Networks | Bengaluru, India
View on infosec-jobs.com

IT Security Engineer

@ Timocom GmbH | Erkrath, Germany
View on infosec-jobs.com
View more jobs