all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Importance of stacking entities in a XXE?

Add to bookmarks
Nov. 10, 2023, 4:17 p.m. | /u/FreeRaider1

cybersecurity www.reddit.com

Hi there!

I've been trying to understand some concepts regarding XXE attacks. I'm using the incredible content of PortSwigger: [https://portswigger.net/web-security/xxe/blind](https://portswigger.net/web-security/xxe/blind)However, there is a thing that I don't understand and I've been unable to find an answer. I will appreciate any kind of help.

When discussing blind XXE, they mention the importance of hosting a malicious DTD file and then reference it within the XML payload. It is important to use an external DTD because when using external DTD you can …

cybersecurity entities error external file hosting important malicious payload reference study xml xxe

Visit resource

More from www.reddit.com / cybersecurity

Hey cybersecurity peeps, what have you automated? an hour ago | www.reddit.com
automate automated boys can +8
Hackers discover how to reprogram NES Tetris from within the game 2 hours ago | www.reddit.com
cybersecurity discover game hackers +1
How can I break into cybersecurity after my IT audit internship? 10 hours ago | www.reddit.com
audit can cybersecurity don +1
It's RSA week, so get ready for some of the dumbest cybersec shit to be … 13 hours ago | www.reddit.com
business ciso cybersec cybersecurity +6
China hacked Ministry of Defence, Sky News learns 15 hours ago | www.reddit.com
china cybersecurity defence hacked +2
Ring agrees to pay $5.6 million after cameras were used to spy on customers | … 20 hours ago | www.reddit.com
cameras customers cybersecurity malwarebytes +3
Apple’s iPhone Spyware Problem Is Getting Worse. Here’s What You Should Know 21 hours ago | www.reddit.com
apple cybersecurity iphone problem +1
Thoughts on forcing users to see aliases instead of emails in Microsoft? 21 hours ago | www.reddit.com
address alias cybersecurity email +7
Change Healthcare cyberattack: 5 technical takeaways from UnitedHealth CEO’s testimony 21 hours ago | www.reddit.com
ceo change change healthcare cyberattack +6

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Information System Security Officer (ISSO)

@ LinQuest | Boulder, Colorado, United States
View on infosec-jobs.com

Project Manager - Security Engineering

@ MongoDB | New York City
View on infosec-jobs.com

Security Continuous Improvement Program Manager (m/f/d)

@ METRO/MAKRO | Düsseldorf, Germany
View on infosec-jobs.com

Senior JavaScript Security Engineer, Tools

@ MongoDB | New York City
View on infosec-jobs.com

Principal Platform Security Architect

@ Microsoft | Redmond, Washington, United States
View on infosec-jobs.com

Staff Cyber Security Engineer (Emerging Platforms)

@ NBCUniversal | Englewood Cliffs, NEW JERSEY, United States
View on infosec-jobs.com
View more jobs