Hacker101 — XML External Entities

XML External Entity attacks take advantage of a unique logic flaw to allow hackers to read files or access URLs. While they’re not necessarily the most exciting bugs, the outcomes which can be achieved certainly make up for it.

In this video, we’ll talk about what XML entity definitions are, how they work, and how we can use these definitions to find potentially-critical bugs.