Introduction So, this is our 9th lab where we will be performing XML or XXE injection. This lab is provided by PortSwigger Web Security and is named “Exploiting XXE to retrieve data by repurposing a … Read more
Introduction This is our 8th article on XML or XXE injection vulnerabilities. In this article, we will solve the PortSwigger Web Security lab “Exploiting XXE via Image File Upload.” If you haven’t checked the other … Read more
Introduction This is our third article on XML injection or XXE vulnerabilities. In this article, we will be solving the Blind XXE with out-of-band interaction lab. Basically, we will be using Burp Suite Collaborator for … Read more
introduction So, we have started the PortSwigger web security series in which we are currently working on server-side vulnerabilities. Today, we are exploring the topic of exploiting XXE to perform SSRF attacks. In this lab, … Read more
Introduction So, this is our 6th lab where we are solving the official PortSwigger Web Security labs. Today, we will solve the “Exploiting Blind XXE to Retrieve Data via Error Messages” lab. Just like in … Read more
Information Hello guys, today in Blind XXE with out-of-band interaction via XML parameter entities we will solve the 4th lab of PortSwigger Web Security. As you know, we are exploring XML or XXE vulnerabilities in … Read more
Introduction This is our 5th article on XXE and XML injection. Today, we will solve the lab on exploiting blind XXE to exfiltrate data using a malicious external DTD. We will follow easy steps to … Read more
Introduction to XXE Attacks Before jumping into XXE attacks, you should know about XML (Extensible Markup Language). People use XML, a popular language for formatting data, for various purposes, ranging from web services (XML-RPC, SOAP, … Read more
