This document discusses exploiting XML external entity (XXE) injection vulnerabilities to retrieve local files, perform server-side request forgery (SSRF) attacks, and use XInclude to access files by abusing XML parsers that allow external entity references. It also covers using XXE through image file uploads.
This document discusses exploiting XML external entity (XXE) injection vulnerabilities to retrieve local files, perform server-side request forgery (SSRF) attacks, and use XInclude to access files by abusing XML parsers that allow external entity references. It also covers using XXE through image file uploads.
This document discusses exploiting XML external entity (XXE) injection vulnerabilities to retrieve local files, perform server-side request forgery (SSRF) attacks, and use XInclude to access files by abusing XML parsers that allow external entity references. It also covers using XXE through image file uploads.