Lecture 76 - Introduction to XXE Injection Vulnerabilities

Previous Lesson Complete and Continue

Learn Bug Bounty Hunting & Web Security Testing From Scratch

Training Overview

Section 1 - Introduction

Section 2 - Information Disclosure vulnerabilities

Section 3 - Broken Access Control Vulnerabilities

Section 4 - Path/Directory Traversal

Section 5 - CSRF - Client-Side Request Forgery

Lecture 25 - Discovering & Exploiting CSRF Vulnerabilities (9:19)

Section 6 - OAUTH 2.0 Vulnerabilities

Section 7 - Injection Vulnerabilities

Section 8 - OS Command Injection

Lecture 32 - Discovering Blind Command Injection Vulnerabilities (9:00)
Lecture 33 - Discovering Asynchronous Blind Command Injection Vulnerabilities (8:08)
Lecture 34 - Using Burp Collaborator to Exploit Asynchronous Blind Command Injection (5:28)

Section 9 - XSS - Cross Site Scripting

Section 10 - DOM XSS Vulnerabilities

Section 11 - XSS - Bypassing Security

Section 12 - Bypassing Content Security Policy (CSP)

Section 13 - SQL Injection Vulnerabilities

Section 14 - Blind SQL Injections

Section 15 - Time-Based Blind SQL Injection

Section 16 - SSRF (Server-Side Request Forgery)

Section 17 - SSRF - Advanced Exploitation

Section 18 - SSRF - Bypassing Security

Section 19 - Blind SSRF Vulnerabilities

Section 20 - XXE (XML External Entity) Injection

Section 21 - 2 Hour Live Bug Hunting !

Section 22 - Participating in Bug Bounty Programs

Audio Version of Training

Audio Download

Lecture 76 - Introduction to XXE Injection Vulnerabilities

Download

XXE slides.pdf

Download

XXE slides.pdf

In this section, we're going to cover XXE or XML External Entity Injection.

According to OWASP Top 10, this is the fifth most common security threat or vulnerability within the tested websites, with 90% of the tested websites being vulnerable to it.

Now, this actually moved from number 6 to number 5 and more and more websites are actually being discovered with these vulnerabilities.

That's why chances are as time goes by, this might actually move up the list.

GitHub and twitter were actually vulnerable to this vulnerability before with twitter paying $10,000 to the hunter that discovered it.

So as usual, keep your eyes open, stay focused, practice what I'm going to show you and you'll be discovering them and cashing out some bounties in no time.

Complete and Continue

Become a Member and Get Unlimited Access to 310+ Top Cyber Security Courses.

UPGRADE NOW