01Intro

What are XXE attacks?

Easy20MIN

Unexpected Features

Vulnerabilities come in a plethora of different names, but they can generally be divided into a significantly smaller number of basic concepts. One of these concepts is "unexpected features", which refers to a vulnerability that arises from a developer using a software component, tool, protocol, etc. whose functionality they do not fully understand.

Here is one excellent example of a 20,000€ bug bounty that GitLab paid on the Hackerone platform for a remote code execution vulnerability found in their markdown editor. The vulnerability was found in their markdown parser (KramDown) which they were not aware of, and it allowed for performing malicious actions by inputting a certain format of markdown into the application. https://hackerone.com/reports/1125425

However, much more common vulnerability in this category is XXE, which we learn in this course. XXE is an abbreviation for XML External Entity, which means the external entity of the XML protocol. So, it is a part of the XML protocol that developers often are not aware of.

1 / 10
Hakatemia Pro

Learn to hack — start here

Hundreds of interactive courses, virtual labs and CTF challenges in your browser. Start a free trial — no card required.