XXE in .Net and XPathDocument
Posted by James Jardine on September 12, 2016 · Comments Off on XXE in .Net and XPathDocument
Filed under: Security
Filed under: Security
XXE, or XML External Entity, is an attack against applications that parse XML. It occurs when XML input contains a reference to an external entity that it wasn't expected to have access to. Through this article, I will discuss how .Net handles XML for certain objects and how to properly configure these objects to block ...