#xxe #xml #owasp #blueteam #cybersecurity #womenintech #hacking
Chapters:
00:00 - Overview
03:53 - DTD & Entities
09:39 - XXE Intro & Definition
12:24 - Types of XXE
13:11 - XXE exploits to retrieve files - Theory & Practice
19:11 - XXE exploit to perform SSRF attack
21:11 - Back-end SSRF attack - Practice & Theory
31:36 - Server SSRF attack - Practice & Theory
37:41 - XXE SSRF attack - graph
40:26 - Blind XXE vulnerabilities - Out-of-band - Theory
44:38 - XXE Prevention
References:
https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing - XML External Entity (XXE)
https://portswigger.net/web-security/xxe - XML external entity (XXE) injection