All Questions

4 votes, 1 answer, 466 views

What's the use of an "extra" dynamic declaration in an external DTD blind XXE attack?

I've been studying XXE attacks through Portswigger's Web Security Academy. I stumbled upon a lab "Exploiting blind XXE to exfiltrate data using a malicious external DTD". In this lab an attacker has to ...

User: Shuzheng

1 vote, 1 answer, 2k views

Difference between XML external entities and Remote File Inclusion attacks

I was just studying about the XML external entities attack and Remote File Inclusion Attack. According to my understanding, the XML external entities attack is where the XML parser in the web ...

User: Skynet

4 votes, 1 answer, 916 views

Approach for testing XXE injection

I have been discussing XXE injection in my web application. My web application allows expansion of user-supplied XML entities. What I did: intercepted traffic using Burp. Changed the request with ...

User: BlueBerry - Vignesh4303

2 votes, 1 answer, 2k views

Preventing XXE Injection

I've stumbled upon an exploit method which I haven't really had time to investigate before. XML eXternal Entity is said to be susceptible to a server-side type of injection. I can specify a Document ...

User: SkippyJack

0 votes, 1 answer, 292 views

How does DOCTYPE selection affect security of my AJAX app?

I'm considering using modern techniques to protect my JavaScript code and am studying how the DOCTYPE element selection may impact that. Specifically, the linked question used IFrames, which are not ...

User: makerofthings7

11 votes, 1 answer, 881 views

Public XSLT & XML playground (with PHP DOMDocument, etc.) Security Risks?

Let's say I want to set up a sandbox or playground in PHP that users can use to create (or paste in) XML and XSLT, then transform the XML via the XSLT (by means of PHP 5's DOMDocument and related ...

User: tex

-1 votes, 2 answers, 598 views

What can one define as quality criteria for an XML Schema?

One of the usages of input validation is to protect against XSS. In case one would need to define best practice for the functions validating the input, then some (which I am calling quality ...

User: Phoenician-Eagle