Overview
Write Ups Compilations/Resources
Main Resources
Labs
Cross Site Request Forgery
- Cross Site Request Forgery (CSRF)
Missing Access Controls
- Missing Access Controls
LFI / Directory Traversal
- Local File Inclusion
XXE
- XML External Entity (XXE)
Injection
SSRF
- Server-Side Request Forgery (SSRF)
  - SSRF Write-ups
  - Source Code Review
Unvalidated Redirects and Forwards
- Unvalidated Redirects and Forwards
  - Writeups
  - Source Code Examples
Verbose Error Messages and Stack Traces
- Verbose Error Messages and Stack Traces
  - Write-ups

Powered by GitBook

On this page

Was this helpful?

Resources

PreviousPayloads NextCommand Injection

Last updated 3 years ago

OWASP XML External Entity (XXE) Prevention Cheat Sheet
Timothy Morgan’s 2014 Paper: XML Schema, DTD, and Entity Attacks - A Compendium of Known Techniques
Precursor presentation of above paper - at OWASP AppSec USA 2013
CWE-611: Information Exposure Through XML External Entity Reference
CWE-827: Improper Control of Document Type Definition
Sascha Herzog’s Presentation on XML External Entity Attacks - at OWASP AppSec Germany 2010
PostgreSQL XXE vulnerability
SharePoint and DotNetNuke XXE Vulnerabilities, in French
XML Denial of Service Attacks and Defenses (in .NET)
Early (2002) BugTraq Article on XXE
http://www.synacktiv.fr/ressources/synacktiv_drupal_xxe_services.pdf

XML External Entity Prevention - OWASP Cheat Sheet Series

A Deep Dive Into Xxe Injection.Synack

Forcing XXE Reflection through Server Error MessagesNetSPI

XML External Entity (XXE) Processing | OWASP Foundation

What is XXE (XML external entity) injection? Tutorial & Examples | Web Security AcademyWebSecAcademy

XXE - XEE - XML External EntityHackTricks