XML External Entities (XXE)



According to Wikipedia, an XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.

Most XML parsers are vulnerable to XXE attacks by default. That is why the responsibility for ensuring the application does not have this vulnerability lies mainly with the developer.
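One way a developer can apply that responsibility, shown here as an added example (not code from the original page): Python's standard-library expat binding with handlers that refuse DOCTYPE and entity declarations before anything is resolved. The names `parse_untrusted`, `verdict` and `ForbiddenXML`, and both sample documents, are constructed for illustration.

```python
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """The document uses a DTD feature that this policy refuses."""


def parse_untrusted(data: bytes, forbid_dtd: bool = True) -> list:
    """Parse with expat; return element names, or raise ForbiddenXML."""
    names = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        if forbid_dtd:  # strictest policy: no DTD at all
            raise ForbiddenXML("DOCTYPE declaration: " + name)

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        # A SYSTEM or PUBLIC identifier marks the entity as external.
        kind = "external" if sysid or pubid else "internal"
        raise ForbiddenXML(kind + " entity declaration: " + name)

    def on_external_ref(context, base, sysid, pubid):
        # Called when the document references an external entity.
        raise ForbiddenXML("external reference: " + str(sysid))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)  # an exception raised in a handler propagates
    return names


def verdict(data: bytes, forbid_dtd: bool = True) -> str:
    try:
        return "accepted: " + ",".join(parse_untrusted(data, forbid_dtd))
    except ForbiddenXML as exc:
        return "rejected: " + str(exc)
    except xml.parsers.expat.ExpatError:
        return "rejected: malformed XML"


# Constructed sample inputs; the SYSTEM identifier is a placeholder.
PLAIN_DOC = b"<order><item>book</item></order>"
ENTITY_DOC = (b'<?xml version="1.0"?><!DOCTYPE order ['
              b'<!ENTITY ext SYSTEM "file:///constructed/placeholder.txt">]>'
              b"<order><item>&ext;</item></order>")

if __name__ == "__main__":
    for doc in (PLAIN_DOC, ENTITY_DOC):
        print(verdict(doc), "|", verdict(doc, forbid_dtd=False))
```

With `forbid_dtd=False` the DOCTYPE itself is tolerated, but the entity declaration inside it is still refused.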

What are the XML external entity attack vectors?

According to the OWASP Top 10, the main attack vectors for XML external entities (XXE) include the exploitation of:

Vulnerable XML processors if malicious actors can upload XML or include hostile content in an XML document

Vulnerable code

Vulnerable dependencies

Vulnerable integrations
