Learn how to exploit XML External Entity (XXE) vulnerabilities in this 13-minute tutorial focused on hacking the Gin and Juice Shop, a deliberately vulnerable web application by Portswigger. Master essential XXE concepts including basic XML structure, scanning result analysis, file retrieval techniques, Server-Side Request Forgery (SSRF), and blind XXE data exfiltration methods. Explore practical demonstrations using Burp Suite and other security tools while discovering hidden attack surfaces. Perfect for aspiring bug bounty hunters, security researchers, penetration testers, and CTF players looking to enhance their web application security testing skills.
XML External Entity Injection (XXE) - Exploiting Web Application Vulnerabilities - Episode 3
Overview
Syllabus
Intro
XML/XXE basics
Review scan results
Recreate the vulnerability XXE
XXE to retrieve files
XXE to SSRF
Blind XXE data exfiltration
Find hidden attack surface
Conclusion
Taught by
CryptoCat
Related Courses
-
Burp Web Security Academy - Practitioner Labs Walkthrough
-
Mastering Server-Side Request Forgery (SSRF) Vulnerabilities
-
Ethical Hacking 101: Web App Penetration Testing - a full course for beginners
4.6 -
Getting Started with Burp Suite for Web Penetration Testing - Episode 1
-
SQL Injection Tutorial - Union and Blind Attacks in Gin and Juice Shop
-
Modern Web Application Bugs
