
XML External Entities (XXE)

XXE is an attack against applications that parse XML. If the XML parser is old or carelessly configured, it may process the incoming XML as is, including any external entity declarations it contains, so the attacker could view files and interact with the host system in the same way the application could.[1, 2]
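The opposite of a carelessly configured parser, as an added example that is not part of the original page: a Python standard-library sketch that builds an element tree from untrusted input but refuses DOCTYPE and entity declarations instead of processing them. The names `parse_untrusted`, `ForbiddenXML` and `verdict`, and both sample documents, are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Untrusted XML used a construct this parser refuses to process."""


def parse_untrusted(data: bytes, allow_dtd: bool = False) -> ET.Element:
    """Build an element tree from untrusted XML without resolving entities."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML(f"DOCTYPE declaration for <{name}> rejected")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        kind = "external" if sysid or pubid else "internal"
        raise ForbiddenXML(f"{kind} entity declaration '{name}' rejected")

    def on_external_ref(context, base, sysid, pubid):
        raise ForbiddenXML(f"external entity reference to {sysid!r} rejected")

    if not allow_dtd:  # strictest setting: no DTD at all
        parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl       # still enforced with a DTD
    parser.ExternalEntityRefHandler = on_external_ref
    parser.Parse(data, True)  # an exception raised in a handler aborts parsing
    return builder.close()


# Constructed inputs. The SYSTEM identifier is a placeholder; nothing is read.
BENIGN = b"<order><item>book</item></order>"
WITH_ENTITY = (
    b'<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///placeholder/constructed">]>'
    b"<order><item>&ext;</item></order>"
)


def verdict(data: bytes, **options) -> str:
    """Return a one-line accept/reject decision suitable for logging."""
    try:
        return "accepted: " + ET.tostring(parse_untrusted(data, **options)).decode()
    except ForbiddenXML as exc:
        return "rejected: " + str(exc)


if __name__ == "__main__":
    for sample in (BENIGN, WITH_ENTITY):
        print(verdict(sample))
```

Malformed input still raises `xml.parsers.expat.ExpatError`, which callers should treat as a rejection as well.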

For a more detailed explanation, see this article.

References

[1] XML External Entity (XXE) Processing. OWASP. <https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing>. (Fetched 2021-03-28)
[2] Exploiting XML External Entity (XXE) Injections. Medium. <https://medium.com/@onehackman/exploiting-xml-external-entity-xxe-injections-b0e3eac388f9>. (Fetched 2021-03-28)


Division of Network and Systems Engineering | KTH