all InfoSec news
XML External Entity injection with error-based data exfiltration
Jan. 29, 2024, 4:32 a.m. | Serj Novoselov
InfoSec Write-ups - Medium infosecwriteups.com
Introduction
In a recent project, I’ve uncovered a significant security issue that revolves around XML External Entity attacks.
This article delves into my journey of identifying and exploiting the XXE threat in our project in an unusual way to output the attack results — via Java exceptions in the log files.
What is XXE?
XML External Entity (XXE) is a security vulnerability that occurs in applications handling XML input. In an XXE attack, an attacker can exploit an application’s XML …
More from infosecwriteups.com / InfoSec Write-ups - Medium
Honeypots 101: A Beginner’s Guide to Honeypots
3 days, 13 hours ago |
infosecwriteups.com
Devvortex Hackthebox Walkthrough
4 days, 13 hours ago |
infosecwriteups.com
Port Scanning for Bug Bounties
4 days, 13 hours ago |
infosecwriteups.com
Jobs in InfoSec / Cybersecurity
Security Specialist
@ Nestlé | St. Louis, MO, US, 63164
Cybersecurity Analyst
@ Dana Incorporated | Pune, MH, IN, 411057
Sr. Application Security Engineer
@ CyberCube | United States
Linux DevSecOps Administrator (Remote)
@ Accenture Federal Services | Arlington, VA
Cyber Security Intern or Co-op
@ Langan | Parsippany, NJ, US, 07054-2172
Security Advocate - Application Security
@ Datadog | New York, USA, Remote