Why do we need three entities in external DTD for blind XXE?
I’m studying XXE vulnerabilities, and I don’t know much about XML.
Apparently for exfiltrating data from server, in the case that XXE vulnerability is blind, we need to make an external DTD like this:
<!ENTITY % file SYSTEM "file:/… Continue reading Why do we need three entities in external DTD for blind XXE?