PortSwigger
latest
服务端
Server-side topics
SQL injection
Authentication
Path traversal
Command Injection
业务逻辑漏洞
信息泄露
Access Control
File Upload
Server Side Request Forgery
xxe-injection
XML external entity (XXE) injection
XML entities
客户端
Cross-site scripting
Cross-site request forgery (CSRF)
Cross-origin resource sharing (CORS)
PortSwigger
Server-side topics
xxe-injection
在 GitHub 上编辑
xxe-injection
XXE注入是最后一个服务端漏洞。读完以下文章你将会学到的知识有:
XXE漏洞的利用方式和防御措施
XML实体的定义、DTD的定义
XML external entity (XXE) injection
XML entities