All Questions

1 question

4votes

1answer

466views

What's the use of an "extra" dynamic declaration in an external DTD blind XXE attack?

I've been studying XXE attacks through Portswigger's Web Security Academy. I stumbled upon a lab Exploiting blind XXE to exfiltrate data using a malicious external DTD. In this lab an attacker has to ...

Shuzheng

1,297

asked Sep 17, 2019 at 6:33

The Overflow Blog
Grab bag! On the floor at HumanX
How self-supervised language revolutionized natural language processing and...
Featured on Meta
Upcoming initiatives on Stack Overflow and across the Stack Exchange network...
Updates to advertising guidelines

Hot Network Questions

Double underline single label for bird ecology (BTO) notation in QGIS
Confusion with the max LC circuit impedance in LTspice
How to differentiate the Chinese Translation for "Specialized High Schools" and "Special Education School"?
Why are US executive orders so controversial? Aren't they just the chief executive telling the executive branch what to do?
Does the Paradox of Will Hold True?
How to refer to proprietors of small businesses (especially restaurants)?
Dodecahedron tracing
"Presenting" versus "bearing" a U.S.A. passport when entering Canada from the U.S.A
How to convincingly erase a population's memory?
Show that if the successor of 2 ordinals is the same, then the ordinals must be the same.
Difference between ∃x(Sx & Px) vs. ∃x(Sx → Px)
Meaning of "chinny chin chin" in a given context
Using labyrinth package with standalone class
(In)significance of spaces in parsing Fortran IV
Transfinite induction in Measure Theory
Is the rapid oxidation change from reddish-brown to black in copper dust after sanding a copper plate due to the dust's small particle size/exposure?
Box drawing number display
How to model a dodecahedron Rubick's cube?
Finding a probability of one random variable being minimum and another random variable being maximum among n i.i.d. random variables
Use of code defined with expl3 in tikzpicture environments
Whois Query to .app TLD gives "getaddrinfo(whois.nic.app): Name or service not known"
Rules as written, are Orcs and Drow now functionally the same?
Why full-wave bridge circuit connect ground
Idiomatic way of generating a unique filename?

All Questions

What's the use of an "extra" dynamic declaration in an external DTD blind XXE attack?

Related Tags

Hot Network Questions