▹ Watch me Live on Twitch every Monday and Thursday! - [ Link ]
PortSwigger Web Security Academy XML External Entity (XXE) Injection Lab: Exploiting XXE using external entities to retrieve files - [ Link ]
Additional References for Further Exploration:
GoSecure Local DTD Discovery - [ Link ]
Awesome In-Depth XXE Breakdown by PwnFunction - [ Link ]
XML Reference from W3C - [ Link ]
------------------------------------------------------------------------------
In this series, we take a look at Web Security Academy's External Entity Injection labs and break them down. The goal is not only to get to the solution, but also to talk about the methodology and the mental steps we take to discover these vulnerabilities in the wild.
Timestamps:
0:00 Intro
0:17 What is XXE?
0:41 What are Local Entities?
1:10 How about External Entities?
2:17 Lab Start: In-Band Exploitation of XXE
4:19 Basic XXE Discovery Workflow
4:57 Outro
------------------------------------------------------------------------------
Music:
"Lovely City"
Produced by Calum Bowen
[ Link ]
"High Noon"
Produced by Bankrupt Beats
[ Link ]
"Ikebaby"
Produced by Robotprins
[ Link ]