The WebGoat XXE (XML External Entity) section has 3 exercises. The first 2 are pretty easy, the last one quite difficult. So without further ado, let’s get to it! Exercise 3 In this exercise you are asked to list the contents of the root file system directly in a comment using XXE. For this, you […]

OWASP WebGoat XXE Read More »

OWASP WebGoat XSS lessons

I recently installed WebGoat, a deliberately vulnerable web app with built-in lessons. While some of the lessons are very easy, they quickly rise to a much higher difficulty. Even though the app does explain the basic concepts, the explanations are nowhere good enough to solve the exercises provided. In this post I’ll focus on the Cross-Site

OWASP WebGoat XSS lessons Read More »