XXE full name is XML External Entry. XXE basically XML injection is vulnerability that occurs when a input is concatenated with XML code. Also, changes of the application XML code becomes possible by the attacker

XXEinjector is a open source ruby based tool. The tool has retrieving files using direct and out of band methods. Directory listing functionality only works in Java apps and brute force method.

XXE

Download XXEinjector

LEAVE A REPLY

Please enter your comment!
Please enter your name here