From bf45a0a8e5c7e8cd8d035f40c80cea86350e5373 Mon Sep 17 00:00:00 2001 From: Bartosz Bogatko Date: Sun, 18 Nov 2018 13:18:01 +0100 Subject: [PATCH] Fix for XXE docs --- .../xxe/src/main/resources/lessonPlans/en/XXE_intro.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/webgoat-lessons/xxe/src/main/resources/lessonPlans/en/XXE_intro.adoc b/webgoat-lessons/xxe/src/main/resources/lessonPlans/en/XXE_intro.adoc index e269ec948..4b8b0f3f7 100644 --- a/webgoat-lessons/xxe/src/main/resources/lessonPlans/en/XXE_intro.adoc +++ b/webgoat-lessons/xxe/src/main/resources/lessonPlans/en/XXE_intro.adoc @@ -2,6 +2,7 @@ An XML Entity allows tags to be defined that will be replaced by content when the XML Document is parsed. In general there are three types of entities: + * internal entities * external entities * parameter entities. @@ -34,6 +35,7 @@ may be exploited by dereferencing a malicious URI, possibly allowing arbitrary c local resources that may not stop returning data, possibly impacting application availability if too many threads or processes are not released. In general we can distinguish the following kind of XXE attacks: + * Classic: in this case an external entity is included in a local DTD * Blind: no output and or errors are shown in the response * Error: try to get the content of a resource in the error message \ No newline at end of file
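Review bot: in the first hunk (@@ -2,6 +2,7), the list this change touches ends its last item with a full stop ("* parameter entities.") while "* internal entities" and "* external entities" have none; drop the trailing period so the three items match. The subject line "Fix for XXE docs" also does not say what is being fixed. Since both insertions are a blank line between an introductory sentence and the bullet list that follows it, say so in the commit message (for example, that the blank line separates the list from the preceding paragraph) so the reason is visible in the history.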
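Review bot: in the second hunk (@@ -34,6 +35,7), the file still ends with "\ No newline at end of file" after "* Error: try to get the content of a resource in the error message"; add the trailing newline while this list is being edited, so later patches to the last item do not produce a noisy diff. Two wording points in the same context lines are worth fixing in this pass: "the following kind of XXE attacks" should read "kinds", and "no output and or errors are shown" should read "and/or" (or simply "no output or errors are shown").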