HolyGhost logoHolyGhost

#xxe

1 post

Analysis

XXE: When an XML Parser Reads Files It Should Not

XML has a feature that lets a document pull in outside content. Point it at a local file or an internal server and a helpful parser becomes a data leak. Here is how XML External Entity attacks work.

9 min read·#xxe#web-security#xml