XML External Entity Injection | Synopsys

Security is hard to get right. Between Cross-Site Scripting (XSS) and SQL Injection (SQLi) alone, there are more ways to make mistakes than any developer can possibly be expected to keep track of manually — and those are just the two most well-known types of vulnerabilities. Most developers have never even heard of more obscure attacks, like XML External Entity Injection (XXE), and yet a well-placed attack can be just as devastating as the most egregious XSS injection.

Mar 17, 2015 ... This was exactly the case last year, when a Brazilian engineer used an XXE attack to gain remote code execution against Facebook, earning their ...
