XML Upload Challenge: Breaking Boundaries with External Entities

3 weeks ago 26
BOOK THIS SPACE FOR AD
ARTICLE AD

Josh Beck

Just now

--

Security Operations Center Classroom. iCSI@NEISD (San Antonio, TX)

This lab explores XXE exploitation, focusing on general vs. parameter entities — an essential concept in CTF competitions. General and parameter entities in XML each have distinct properties, limitations, and use cases. This lab provides hands-on experience with both types, highlighting their roles in data exfiltration techniques.

VM and Walkthrough here:

https://humble-raptor-f30.notion.site/XML-Upload-Challenge-Breaking-Boundaries-with-External-Entities-1274c8e523768028bb37fb8141c5f66c?pvs=4

Read Entire Article