LFGA Web

XXE - Learning Section


The Portswigger Web Academy


The portswigger academy has a wonderful and complete course about XXE, we'll start here.


Before you start

Link: XXE - Portswigger

After the activity

You now know:



Try Hack Me

Now let's just reinforce what we just learned. Let's get back to a room that we have used previously and focus on XXE. The room is: OWASP Top 10

And you have to do task 13, 14, 15 and 16.

Before you start

After the activity



PayloadsAllTheThings

If you need alternatives or want to see different ways to exploit XXE you can always go to PayloadsAllTheThings XML External Entity - PayloadsAllTheThings



That's all for the learning section. The portswigger course is very complete so if you did everything right, you won't have any trouble in the challenge section, but there are still lots of variations in XXE vulnerability. Let's get to the challenge section!.