1. Homepage
  2. RvR
  3. Application
  4. Attack Vectors

General Information

XML Injection

Variants:
Direct Persistent Session 

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Input Validation

Invented In:
18/05/2004

Added In:
25/12/2014

Quick Introduction to the Topic:


Vector Operation Method:
Malicious inputs can affect the structure of XML structures generated in the server-side


Direct Variant:

XML Injection

Variant Title:
XML Injection

Typical Severity:
Medium

Resources:

CWE

CAPEC

WASC

Vulnerapedia

OWASP Testing Guide

Other I

Other II

White Papers:

Learn More:



Persistent Variant:

Stored XML Injection

Also Known As:
Persistent XML Injection

Typical Severity:
Medium

Resources:

White Papers:

Learn More:


Session Variant:

XML Injection via Session Puzzling

Also Known As:
Session XML Injection

Typical Severity:
Medium

Resources:

White Papers:

Learn More:




TECAPI ©

Join