Skip to content

Commit

Permalink
Fix for XXE docs
Browse files Browse the repository at this point in the history
  • Loading branch information
@XyrusQ @nbaars
XyrusQ authored and nbaars committed Dec 14, 2018
1 parent f81a685 commit bf45a0a
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions webgoat-lessons/xxe/src/main/resources/lessonPlans/en/XXE_intro.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

An XML Entity allows tags to be defined that will be replaced by content when the XML Document is parsed.
In general there are three types of entities:

* internal entities
* external entities
* parameter entities.
Expand Down Expand Up @@ -34,6 +35,7 @@ may be exploited by dereferencing a malicious URI, possibly allowing arbitrary c
local resources that may not stop returning data, possibly impacting application availability if too many threads or processes are not released.

In general we can distinguish the following kind of XXE attacks:

* Classic: in this case an external entity is included in a local DTD
* Blind: no output and or errors are shown in the response
* Error: try to get the content of a resource in the error message

0 comments on commit bf45a0a

Please sign in to comment.