Love thy scripture – XXE

Categories
Injection, pentest, WAAS, Web Attacks, webdev

XXE (Extensible Markup Language External Entity) is a common type of injection which occurs in applications that fail to sanitize XML input; This is particularly common with web services.  The XML input in a webservice can be considered as a description of data so that two systems can have a common language to communicate with […]