00 — Overview

XML External Entity (XXE)

Learn how attackers abuse XML parsers to read server files, perform SSRF, and exfiltrate data — a vulnerability hiding in every API that accepts XML.

Intermediate·40 min·6 tasks

// By the end of this module

→Understand how XXE arises from XML external entity processing

→Read local files via XXE using file:// URIs

→Perform blind XXE with out-of-band data exfiltration

→Escalate XXE to SSRF to reach internal services

// Prerequisites

Foundation · Beginner

45 min

Foundation · Beginner

35 min