XML External Entity Injection (XXE) - Exploiting Web Application Vulnerabilities - Episode 3
The Most Addictive Python and SQL Courses
NY State-Licensed Certificates in Design, Coding & AI — Online
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Learn how to exploit XML External Entity (XXE) vulnerabilities in this 13-minute tutorial focused on hacking the Gin and Juice Shop, a deliberately vulnerable web application by Portswigger. Master essential XXE concepts including basic XML structure, scanning result analysis, file retrieval techniques, Server-Side Request Forgery (SSRF), and blind XXE data exfiltration methods. Explore practical demonstrations using Burp Suite and other security tools while discovering hidden attack surfaces. Perfect for aspiring bug bounty hunters, security researchers, penetration testers, and CTF players looking to enhance their web application security testing skills.
Syllabus
Intro
XML/XXE basics
Review scan results
Recreate the vulnerability XXE
XXE to retrieve files
XXE to SSRF
Blind XXE data exfiltration
Find hidden attack surface
Conclusion
Taught by
CryptoCat