Home > Computers & Technology > Networking & Cloud Computing

Hands-on Penetration Testing for Web Applications by Richa Gupta

Author:Richa Gupta [Gupta, Richa] , Date: July 31, 2021 ,Views: 330

Hands-on Penetration Testing for Web Applications by Richa Gupta

Author:Richa Gupta [Gupta, Richa]
Language: eng
Format: epub
ISBN: 9789389328547
Publisher: BPB Publications
Published: 2021-07-15T00:00:00+00:00


<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE foo [

<!ELEMENT foo ANY >

<!ENTITY xxe SYSTEM "file:///etc/shadow" >]>

<foo>&xxe;</foo>

XXE attacks can be used to perform various tasks as follows.

Exploiting XXE to retrieve files

An XXE attack can be exploited to retrieve arbitrary files from the server file system. For this exploitation, we need to modify the submitted XML in the following ways:

Add or edit a DOCTYPE element that defines an external entity containing the path to the file from the server file system.

Edit a data value in the XML which will be returned in the application's response to make use of the defined external entity.



Download

Hands-on Penetration Testing for Web Applications by Richa Gupta.epub


Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Categories
Linux & Unix iPhone & iOS
Macintosh Android
Business Technology Certification
Computer Science Databases & Big Data
Digital Audio, Video & Photography Games & Strategy Guides
Graphics & Design Hardware & DIY
History & Culture Internet & Social Media
Mobile Phones, Tablets & E-Readers Networking & Cloud Computing
Operating Systems Programming
Programming Languages Security & Encryption
Software Web Development & Design
Popular ebooks
The Mikado Method by Ola Ellnestam Daniel Brolund(9813)
Sass and Compass in Action by Wynn Netherland Nathan Weizenbaum Chris Eppstein Brandon Mathis(7810)
Grails in Action by Glen Smith Peter Ledbrook(7719)
Azure Containers Explained by Wesley Haakman & Richard Hooper(6840)
Configuring Windows Server Hybrid Advanced Services Exam Ref AZ-801 by Chris Gill(6839)
Running Windows Containers on AWS by Marcio Morales(6367)
Kotlin in Action by Dmitry Jemerov(5092)
Microsoft 365 Identity and Services Exam Guide MS-100 by Aaron Guilmette(5070)
Combating Crime on the Dark Web by Nearchos Nearchou(4648)
Microsoft Cybersecurity Architect Exam Ref SC-100 by Dwayne Natwick(4616)
Management Strategies for the Cloud Revolution: How Cloud Computing Is Transforming Business and Why You Can't Afford to Be Left Behind by Charles Babcock(4438)
The Ruby Workshop by Akshat Paul
 Peter Philips 
Dániel Szabó
 and Cheyne Wallace(4335)
The Age of Surveillance Capitalism by Shoshana Zuboff(3979)
Python for Security and Networking - Third Edition by José Manuel Ortega(3895)
The Ultimate Docker Container Book by Schenker Gabriel N.;(3555)
Learn Wireshark by Lisa Bock(3531)
Learn Windows PowerShell in a Month of Lunches by Don Jones(3528)
Mastering Python for Networking and Security by José Manuel Ortega(3376)
Mastering Azure Security by Mustafa Toroman and Tom Janetscheck(3356)
Blockchain Basics by Daniel Drescher(3325)