
XXE vulnerability #25

Closed
@guykoth

DTD processing was enabled, and therefore the XML deserialization process was vulnerable to XML External Entity Injection (I was able to expose local files).
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing

Suggestion is to ignore client-side DOCTYPE declarations.
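
The mitigation suggested above, as an added example that is not part of the original issue or the project's code: the page does not show the project's language or parser, so this sketch assumes Python's standard-library expat bindings. It rejects any document carrying a DOCTYPE (a stricter choice than silently ignoring it); `parse_untrusted`, `DoctypeForbidden` and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class DoctypeForbidden(ValueError):
    """Raised when client-supplied XML contains a DOCTYPE declaration."""


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse client XML into an Element tree, refusing any DTD.

    Entities can only be declared inside a DTD, so rejecting the DOCTYPE
    removes the external-entity path before any entity is ever resolved.
    """
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()

    def reject_doctype(name, system_id, public_id, has_internal_subset):
        # Fires for every <!DOCTYPE ...>, with or without an internal subset.
        raise DoctypeForbidden(f"DOCTYPE {name!r} is not allowed in client XML")

    def start(tag, attrs):
        builder.start(tag, attrs)

    def end(tag):
        builder.end(tag)

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)  # exceptions raised in handlers propagate from here
    return builder.close()


# Constructed sample inputs (placeholder path, not taken from the issue).
BENIGN = b"<order><item>widget</item></order>"
WITH_DOCTYPE = (
    b'<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>'
    b"<order><item>&ext;</item></order>"
)

if __name__ == "__main__":
    print(parse_untrusted(BENIGN).findtext("item"))
    try:
        parse_untrusted(WITH_DOCTYPE)
    except DoctypeForbidden as exc:
        print("rejected:", exc)
```
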
