https://blog.lameiro0x.com/tags/xml/Recent content in Xml on Miguel Lameiro | Cybersecurity Blog & Security WriteupsHugo -- 0.161.1en-usFri, 17 Apr 2026 00:00:00 +0000https://blog.lameiro0x.com/notes/exploitation/web-attacks/Fri, 17 Apr 2026 00:00:00 +0000https://blog.lameiro0x.com/notes/exploitation/web-attacks/<h1 id="introduction">Introduction</h1> <p>This topic brings together three very common web attack families: HTTP verb tampering, insecure direct object references, and XML external entity injection. They look different on the surface, but all three usually come from the same core weakness: the application trusts client-controlled input more than it should, and the backend does not enforce validation and authorization consistently. In practice, this means a tester can often move from a small logic flaw to data exposure, privilege escalation, or even server-side code execution.</p>