Ultimate XXE Beginner Guide

4 min readMar 6, 2021

--

What is it

XXE = XML eXternal Entities

XXE can occur when XML documents get parsed. We traditionally think of XXE vulnerabilities as uploading an XML file that includes an external entity, an example of this would be:

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
<foo>&xxe;</foo>

Thexssrat

Written by Thexssrat

No b*llshit Hacking tutorials with extreme value in short bursts

Recommended from Medium

Ajak Cyber security

How to Become a Successful Bug Bounty Hunter in 2023?

Hello Ajak Amico, I Hope Everybody is fine, Many fail at bug bounty at the initial stage and drop out soon, so today I will share how to…

4 min readApr 27

--

Thexssrat

10 Essential Tips for Bug Bounty Hunters

Bug bounty programs have become increasingly popular in recent years as a way for companies to ensure the security of their websites and…

5 min readFeb 7

--

Lists

Staff Picks

332 stories84 saves

Stories to Help You Level-Up at Work

19 stories53 saves

Self-Improvement 101

20 stories107 saves

Productivity 101

20 stories117 saves

Mike Takahashi
in
The Gray Area

5 Google Dorks Every Hacker Should Know

Uncover hidden endpoints and sensitive data using these Google dorks

3 min readJan 6

--

WHO AM I ?

How I found Reflected XSS in Users login page on Public Program ?

here I will discuss some ideas not tools so if you only use tools and don’t have any idea about real hunting please don’t waste your time…

3 min readMay 23

--

Aditya Shende

Finding Time Based SQLi injections : Edition 2023

Hi everyone,

4 min readJan 6

--

Muhammad Julfikar Hyder

Hacking API endpoints with IDOR

Hey folks! It’s me, Muhammad Julfikar Hyder(thejulfikar) back again with a new article. I’m writing about an IDOR I identified a few days…

4 min readJan 27

--

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech