Hacking websites (great demos) with XML External Entities (XXE)
Big thank you to Brilliant for sponsoring this video! To try Brilliant for free (for 30 days) and to get a 20% discount, visit: https://Brilliant.org/davidbombal
// Tib3rius’ SOCIAL //
YouTube: https://www.youtube.com/Tib3rius
Website: https://tib3rius.com/
Twitch: https://www.twitch.tv/0xTib3rius
GitHub: https://github.com/Tib3rius
LinkedIn: https://www.linkedin.com/in/tib3rius/
X: https://x.com/0xtib3rius
Bluesky: https://bsky.app/profile/tib3rius.bsky.social
// Links REFERENCE //
XXE Demo Repo: https://github.com/Tib3rius/XXE-Demos
Dynamic Tool-DTD Repo: https://github.com/Tib3rius/Dynamic-DTD
// Specific Webpage REFERENCE //
https://en.wikipedia.org/wiki/Billion_laughs_attack
https://tib3rius.com/robots.txt
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
X: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/@davidbombal
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
0:00 - Coming up0:33 - Intro
03:07 - Brilliant Advert
04:22 - What is XXE
06:24 - XXE Demo Intro
08:54 - XML Spec Defined Entities
13:27 - XML Billion Laughs Attack
15:07 - XML Exploits
16:27 - XXE Demo Basic Example 1
22:33 - XXE Demo Basic Example 2
23:33 - Error-Based XXE Demo
30:11 - Dynamic DTD Demo
34:45 - The Community
35:33 - Out-Of-Band XXE Demo
40:12 - XML Tips & Tricks
41:25 - Outro
xxe
xss
xml
http
https
website
xml external entities
cross site scripting
portswigger
ajax
jscript
lol
lol attack
billion laughts
billion lol
javascript
xss attack
xxe attack
xxe video tutorial
xxs attack tutorial
xxe explained
xss explained
xxe attack example
xxe bug bounty
xxe tutorial
xxe vulnerability
xxe vs csrf attack
xe example
kali linux
penetration testing
ethical hacking
bug bounty
cross site scripting
cross-site scripting
red teaming
cyber security
kali linux install
kali linux 2025
ethical hacker course
ethical hacker
javascript
ajax
jquery
node js
node js hacking
portswigger
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#xxe #xss #hacking
// Tib3rius’ SOCIAL //
YouTube: https://www.youtube.com/Tib3rius
Website: https://tib3rius.com/
Twitch: https://www.twitch.tv/0xTib3rius
GitHub: https://github.com/Tib3rius
LinkedIn: https://www.linkedin.com/in/tib3rius/
X: https://x.com/0xtib3rius
Bluesky: https://bsky.app/profile/tib3rius.bsky.social
// Links REFERENCE //
XXE Demo Repo: https://github.com/Tib3rius/XXE-Demos
Dynamic Tool-DTD Repo: https://github.com/Tib3rius/Dynamic-DTD
// Specific Webpage REFERENCE //
https://en.wikipedia.org/wiki/Billion_laughs_attack
https://tib3rius.com/robots.txt
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
X: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/@davidbombal
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
0:00 - Coming up0:33 - Intro
03:07 - Brilliant Advert
04:22 - What is XXE
06:24 - XXE Demo Intro
08:54 - XML Spec Defined Entities
13:27 - XML Billion Laughs Attack
15:07 - XML Exploits
16:27 - XXE Demo Basic Example 1
22:33 - XXE Demo Basic Example 2
23:33 - Error-Based XXE Demo
30:11 - Dynamic DTD Demo
34:45 - The Community
35:33 - Out-Of-Band XXE Demo
40:12 - XML Tips & Tricks
41:25 - Outro
xxe
xss
xml
http
https
website
xml external entities
cross site scripting
portswigger
ajax
jscript
lol
lol attack
billion laughts
billion lol
javascript
xss attack
xxe attack
xxe video tutorial
xxs attack tutorial
xxe explained
xss explained
xxe attack example
xxe bug bounty
xxe tutorial
xxe vulnerability
xxe vs csrf attack
xe example
kali linux
penetration testing
ethical hacking
bug bounty
cross site scripting
cross-site scripting
red teaming
cyber security
kali linux install
kali linux 2025
ethical hacker course
ethical hacker
javascript
ajax
jquery
node js
node js hacking
portswigger
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#xxe #xss #hacking
David Bombal
Want to learn about IT? Want to get ahead in your career? Well, this is the right place!
On this channel, I discuss Linux, Python, Ethical Hacking, Networking, CCNA, Virtualization and other IT related topics.
This YouTube channel has new videos upload...