Fix for XXE docs

Bartosz Bogatko
2018-11-18 13:18:01 +01:00
committed by Nanne Baars
parent f81a6852db
commit bf45a0a8e5

@ -2,6 +2,7 @@
An XML Entity allows tags to be defined that will be replaced by content when the XML Document is parsed.
In general there are three types of entities:
* internal entities
* external entities
* parameter entities.
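
Review bot: The last list item, "* parameter entities.", ends with a full stop while "* internal entities" and "* external entities" do not; drop the trailing period so the three items match. The opening sentence also says an entity "allows tags to be defined", which is imprecise: an entity defines a name that is replaced by content when the document is parsed, and since this commit is a docs fix it would be worth rewording that line in the same pass.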
@ -34,6 +35,7 @@ may be exploited by dereferencing a malicious URI, possibly allowing arbitrary c
local resources that may not stop returning data, possibly impacting application availability if too many threads or processes are not released.
In general we can distinguish the following kind of XXE attacks:
* Classic: in this case an external entity is included in a local DTD
* Blind: no output and or errors are shown in the response
* Error: try to get the content of a resource in the error message
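
Review bot: In the attack list, "Blind: no output and or errors are shown in the response" reads as a typo; suggest "no output or errors are shown in the response". The sentence introducing the list should say "the following kinds of XXE attacks" rather than "kind". The "Error" item is phrased as an instruction ("try to get the content ...") while "Classic" and "Blind" are descriptions, so wording it as a description, for example that the content of a resource is disclosed through the error message, would keep the list parallel.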