IT Questions and Answers :)

Wednesday, April 17, 2019

XML is a widely used data format used in everything from web services to documents to images. Where XML is used, there must be an XML parser. Which type of attack takes advantage of a widely available feature of XML parsers?

XML is a widely used data format used in everything from web services to documents to images. Where XML is used, there must be an XML parser. Which type of attack takes advantage of a widely available feature of XML parsers?

  • XML Entropy Scoping (XXS)
  • XML Extra Sanitizing (XXS)
  • XML Extensive Threads (XXT)
  • XML External Entities (XXE) 

XML is a widely used data format used in everything from web services to documents to images. Where XML is used, there must be an XML parser. Which type of attack takes advantage of a widely available feature of XML parsers?

EXPLANATION

An XML External Entity (XXE) attack (sometimes called an XXE injection attack) is based on Server Side Request Forgery (SSRF). This type of attack abuses a widely available but rarely used feature of XML parsers. Using XXE, an attacker is able to cause Denial of Service (DoS) as well as access local and remote content and services.
Share:

0 comments:

Post a Comment

Popular Posts