mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 19:36:33 +00:00
Add XML injection, prompt injection, enhanced open redirect payloads, and contribution guidelines
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
@@ -0,0 +1,17 @@
|
||||
# XML Injection
|
||||
|
||||
## Description
|
||||
XML Injection vulnerabilities occur when user-supplied data is inserted into XML documents without proper validation or sanitization. This can lead to XML External Entity (XXE) attacks, XML injection attacks, and other security issues.
|
||||
|
||||
## Common Attack Vectors
|
||||
- XML External Entity (XXE) injection
|
||||
- XML structure manipulation
|
||||
- SOAP injection
|
||||
- XPath injection via XML
|
||||
- XML Entity Expansion (Billion Laughs attack)
|
||||
|
||||
## Testing Approach
|
||||
Test XML input fields, file uploads, and APIs that accept XML data. Try injecting malicious XML entities and structures to manipulate the application behavior.
|
||||
|
||||
## Payloads
|
||||
See `xml-injection-payloads.txt` for a comprehensive list of XML injection payloads.
|
||||
Reference in New Issue
Block a user