mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 19:36:33 +00:00

Files

T

copilot-swe-agent[bot] bc2ccbb10e Add XML injection, prompt injection, enhanced open redirect payloads, and contribution guidelines

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>

2026-01-04 19:33:07 +00:00

730 B

Raw Blame History

XML Injection

Description

XML Injection vulnerabilities occur when user-supplied data is inserted into XML documents without proper validation or sanitization. This can lead to XML External Entity (XXE) attacks, XML injection attacks, and other security issues.

Common Attack Vectors

XML External Entity (XXE) injection
XML structure manipulation
SOAP injection
XPath injection via XML
XML Entity Expansion (Billion Laughs attack)

Testing Approach

Test XML input fields, file uploads, and APIs that accept XML data. Try injecting malicious XML entities and structures to manipulate the application behavior.

Payloads

See xml-injection-payloads.txt for a comprehensive list of XML injection payloads.

730 B Raw Blame History