OWASP XML External Entity (XXE) Prevention Cheat Sheet
Timothy Morgan’s 2014 Paper: XML Schema, DTD, and Entity Attacks - A Compendium of Known Techniques
Precursor presentation of above paper - at OWASP AppSec USA 2013
CWE-611: Information Exposure Through XML External Entity Reference
CWE-827: Improper Control of Document Type Definition
Sascha Herzog’s Presentation on XML External Entity Attacks - at OWASP AppSec Germany 2010
PostgreSQL XXE vulnerability
SharePoint and DotNetNuke XXE Vulnerabilities, in French
XML Denial of Service Attacks and Defenses (in .NET)
Early (2002) BugTraq Article on XXE
http://www.synacktiv.fr/ressources/synacktiv_drupal_xxe_services.pdf
Last updated 4 years ago
Was this helpful?
