OWASP Vulnerable Web Applications Directory

An OWASP production project

A comprehensive registry of known vulnerable web and mobile applications for legal security testing and training.

XXE

Intentionally vulnerable web services exploitable via XML External Entity (XXE) attacks. Zipped Ubuntu VM set up as a Capture the Flag; successful exploiters can place their name on a leaderboard. Part of the OWASP Vicnum project; used in OWASP AppSec 'Breaking Bad' events.

Collections: container
Technology: VMware, Ubuntu
Categories: CTF, Single-player
Last contribution: Mar 10, 2015 (2y+)

Notes

XXE can lead to disclosure of confidential data, DoS, or port scanning from the parser host. Download VM from SourceForge. See xxe.sourceforge.io.
