XXE full name is XML External Entry. XXE basically XML injection is vulnerability that occurs when a input is concatenated with XML code. Also, changes of the application XML code becomes possible by the attacker

XXEinjector is a open source ruby based tool. The tool has retrieving files using direct and out of band methods. Directory listing functionality only works in Java apps and brute force method.


Download XXEinjector


Please enter your comment!
Please enter your name here