XML injection vulnerabilities occur when user-supplied data is inserted into XML documents without proper validation or sanitization. This can lead to XML External Entity (XXE) attacks, manipulation of the document's structure, and other security issues. Common variants include:
- XML External Entity (XXE) injection
- XML structure manipulation
- SOAP injection
- XPath injection via XML
- XML Entity Expansion (Billion Laughs attack)
Test XML input fields, file uploads, and APIs that accept XML data. Try injecting malicious XML entities and structures to manipulate the application behavior.
See xml-injection-payloads.txt for a comprehensive list of XML injection payloads.
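
The root cause described above, shown from the defender's side as an added example (not code from this repository): a document built by string concatenation next to one built through a serializer, plus a parse step that refuses DTDs, which XXE and entity expansion both depend on. The element names, sample inputs and function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed sample inputs (not from the original page).
MARKUP_IN_NAME = "alice</name><role>admin</role><name>x"
DTD_DOCUMENT = '<!DOCTYPE user [<!ENTITY e "x">]><user><name>&e;</name></user>'


def build_unsafe(name):
    """Vulnerable pattern: user data concatenated straight into the XML."""
    return f"<user><name>{name}</name><role>guest</role></user>"


def build_safe(name):
    """Hardened pattern: the serializer escapes <, > and & in text nodes."""
    user = ET.Element("user")
    ET.SubElement(user, "name").text = name
    ET.SubElement(user, "role").text = "guest"
    return ET.tostring(user, encoding="unicode")


def roles(document):
    """Every <role> value a consumer of the document would read."""
    return [el.text for el in ET.fromstring(document).findall("role")]


def _forbid_doctype(*_args):
    raise ValueError("DOCTYPE declarations are not accepted")


def parse_no_dtd(document):
    """Parse untrusted XML, refusing any DTD (XXE and entity expansion need one)."""
    checker = expat.ParserCreate()
    checker.StartDoctypeDeclHandler = _forbid_doctype
    checker.Parse(document, True)  # raises ValueError at the first DOCTYPE
    return ET.fromstring(document)


if __name__ == "__main__":
    print(roles(build_unsafe(MARKUP_IN_NAME)))  # extra <role> element appears
    print(roles(build_safe(MARKUP_IN_NAME)))    # only the intended role
    try:
        parse_no_dtd(DTD_DOCUMENT)
    except ValueError as err:
        print("rejected:", err)
```

With the serializer, the markup in the name value stays inside the `<name>` text node, so the document keeps exactly one `<role>` element.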