In this test we will first check if your web application allows the use of XML to exchange data between the browser and the server.
We then manipulate the POST request to capture data being sent to the server and identify the XML External Entity (XXE) vulnerability.
An XXE vulnerability can result in the disclosure of sensitive information, and if there is no restriction on the size of the processed entities, it can also be exploited to perform Denial of Service (DoS) attacks using only a few requests. Such requests consume a lot of resources and may render the server unresponsive.
We will test your web application for the following XXE injection vulnerabilities:
XXE to extract data and access system files.
XXE to perform SSRF attacks.
XXE via file upload.
Blind XXE to exfiltrate data out-of-band or retrieve data via error messages.
The report will detail all the tests conducted and the analysis of all XXE vulnerabilities detected.
Based on the findings from our extensive tests, the report will provide recommendations on how to fix the XXE injection vulnerabilities.
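One common fix for the risks described above is to reject any request body that declares a DTD or entities before it reaches application logic. The following is an added example, not code from this page or its authors; the function names and the sample request bodies are constructed for illustration.

```python
import xml.parsers.expat as expat

class ForbiddenXML(ValueError):
    """The document uses a DTD feature this parser refuses to process."""

def parse_untrusted(data: bytes) -> dict:
    """Parse an XML request body into {element/path: text}, rejecting any DTD."""
    fields, path, text = {}, [], []

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML(f"DOCTYPE declaration not allowed: {name}")

    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML(f"entity declaration not allowed: {name}")

    def forbid_external(context, base, sysid, pubid):
        raise ForbiddenXML(f"external entity reference not allowed: {sysid}")

    def start(name, attrs):
        path.append(name)
        text.clear()

    def end(name):
        value = "".join(text).strip()
        if value:
            fields["/".join(path)] = value
        path.pop()
        text.clear()

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = forbid_doctype    # fires before any entity is defined
    parser.EntityDeclHandler = forbid_entity           # defence in depth
    parser.ExternalEntityRefHandler = forbid_external  # defence in depth
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = text.append          # text may arrive in chunks
    parser.Parse(data, True)
    return fields

# Constructed sample request bodies (not taken from any real application).
BENIGN = b"<order><item>widget</item><qty>2</qty></order>"
INTERNAL_ENTITY = b'<!DOCTYPE order [<!ENTITY a "aaaa">]><order><item>&a;</item></order>'
EXTERNAL_ENTITY = (b'<!DOCTYPE order [<!ENTITY x SYSTEM "file:///constructed/placeholder">]>'
                   b"<order><item>&x;</item></order>")

def is_rejected(data: bytes) -> bool:
    """True when parse_untrusted refuses the document because of a DTD feature."""
    try:
        parse_untrusted(data)
    except ForbiddenXML:
        return True
    return False
```

Because the DOCTYPE handler raises before any entity is defined, neither entity expansion nor external resolution ever starts; a malformed document still raises `expat.ExpatError` and should be handled separately.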