Category: Cheat sheets

XXE Cheatsheet – XML External Entity Injection

All the fun of the post on XML External Entities (XXE) but less wordy!

 

<!--?xml version="1.0" ?-->
<!DOCTYPE replace [<!ENTITY example "Doe"> ]>
 <userInfo>
  <firstName>John</firstName>
  <lastName>&example;</lastName>
 </userInfo>

Continue reading: XXE Cheatsheet – XML External Entity Injection