Big thank you to Brilliant for sponsoring this video! To try Brilliant for free (for 30 days) and to get a 20% discount, visit: Brilliant.org/davidbombal

// Tib3rius’ SOCIAL //
KZbin: kzbin.info
Website: tib3rius.com/
Twitch: www.twitch.tv/0xTib3rius
GitHub: github.com/Tib3rius
LinkedIn: www.linkedin.com/in/tib3rius/
X: x.com/0xtib3rius
Bluesky: bsky.app/profile/tib3rius.bsky.social

// Links REFERENCE //
XXE Demo Repo: github.com/Tib3rius/XXE-Demos
Dynamic Tool-DTD Repo: github.com/Tib3rius/Dynamic-DTD

// Specific Webpage REFERENCE //
en.wikipedia.org/wiki/Billion_laughs_attack
tib3rius.com/robots.txt

// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
X: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
KZbin: www.youtube.com/@davidbombal

// MY STUFF //
www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

// MENU //
0:00 - Coming up
0:33 - Intro
03:07 - Brilliant Advert
04:22 - What is XXE
06:24 - XXE Demo Intro
08:54 - XML Spec Defined Entities
13:27 - XML Billion Laughs Attack
15:07 - XML Exploits
16:27 - XXE Demo Basic Example 1
22:33 - XXE Demo Basic Example 2
23:33 - Error-Based XXE Demo
30:11 - Dynamic DTD Demo
34:45 - The Community
35:33 - Out-Of-Band XXE Demo
40:12 - XML Tips & Tricks
41:25 - Outro

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

Disclaimer: This video is for educational purposes only.

#xxe #xss #hacking
@rishiraj2548 4 days ago
🎉
@Tib3rius 4 days ago
Thanks for having me on the show David! Glad I can share these fun / crazy exploit techniques with a wider community!
@sp99nz3 a day ago
I liked the video. Where can I start when it comes to ethical hacking? Should I consider programming and networking? Just needed some advice on where to start.
@GajendraMahat19 hours ago
Happy to see you here, sir 🥰🥰
@Whydidyouusemyname 4 days ago
The second X is a play on Ex just like XML is for extensible. This is why it is XXE instead of XEE.
@gamereditor59ner22 4 days ago
Cool! Thank you, David, for the video, and thank you, Tib3rius, for the demo!
@davidbombal 4 days ago
Glad you liked it!
@rubenrodenascebrian3855 4 days ago
In the CBBH, I found this much more advanced vulnerability with DTD and I tried to bypass the image file, the SVG.
@xu83r 4 days ago
I was unable to upload an SVG?
@ByteBite101 4 days ago
While making animated explainers... I use your video for a refresher 🔥
@jessie17650 4 days ago
I love your explainers
@ByteBite101 4 days ago
@@jessie17650 My man
@NextGenSellPOS 4 days ago
I just watched the whole video. Great content
@davidbombal 4 days ago
Glad you enjoyed the video!
@TheCodeNinjas 3 days ago
Thanks David and Tib3rius, very interesting content.
@hellamean 4 days ago
Interesting, tryna learn XXE to help enhance my Bug Bounty Skills.
@davidbombal 4 days ago
Tib3rius does an amazing job teaching us XXE!
@hellamean 4 days ago
@ Yes, I can tell from the video… I was thinking if we could collaborate on a podcast? I added you on LinkedIn.
@hellamean 4 days ago
@@davidbombal Yes, I can tell from the video.
@Kwayjaye 4 days ago
Great job explaining XXE
@majiddehbi9186 4 days ago
Good video, as it's very helpful that any network engineer needs to know something about websites. Good initiative from you, David, thx as always
@davidbombal 4 days ago
Thank you! And you're welcome!
@Lykos-i2m 2 days ago
The error based XXE looks like a robbery...ha ha ha
@payloadhack 4 days ago
Not many people know these types of web attack, so they are actually a good way to hunt a bug
@adekojoadeyemi2596 4 days ago
First time I see my like count. Very happy 😁
@MG-bm5oj 3 days ago
It’s kind of hard to find a video with a guest. Would be great if you add in the description the video with Rana
@janekmachnicki2593 4 days ago
Thanks Mr Bombal. Thanks for the brilliant stuff you upload. It's been a few years since I've been following your YT and Udemy content. Thanks a lot!!!!!
@davidbombal 4 days ago
Thank you!
@Mecagothits a day ago
I thought hacks only happen with Linux
@TheRealVegapunk 4 days ago
Tib3rius my man 🥳
@Crusaderon 4 days ago
THX David! What about LinkedIn?
@davidbombal 4 days ago
Thank you for your support! Much appreciated! Not sure I understand what you mean about LinkedIn?
@Crusaderon 3 days ago
@@davidbombal It's me Sascha!
@BellaSteery 4 days ago
Can you do a video on how a person can force their phone to only run on 5G standalone to enable their phone's identifier information to have the highest level of protection please? 5G SA IS the only way to stop an IMSI ATTACK. Please look that up and teach us :)
@oneloveafrica8860 a day ago
Error-based XXE is very cool... thanks sir
@BunnyShark-q8z 4 days ago
Make a video about local AIs e.g: Dolphin Mixtral 8x7b
@ادمزروق-ق6ج 4 days ago
Please, Kali Linux series
@Fabian-d6n 4 days ago
We need master otw please 🙏🙏❤
@Kigenyi_Rahman 4 days ago
David can you create a Tutorial about configuring Linux for White hat hacking as in checking database vulnerabilities, please
@davidbombal 4 days ago
Great suggestion!
@funcool3451 4 days ago
No comments?
@davidbombal 4 days ago
Lots of comments on the video already...
@funcool3451 4 days ago
@davidbombal Well, I have a crappy internet connection and really love the stuff you do, and I particularly remember the video on Kali Linux about WiFi where you were using VirtualBox and it was a requirement to own an adaptor type of thing, but for the same problem we could easily use a live boot USB, which is easily available in any country (especially for least developing countries where it is hard to find new tech). Love your videos
@EthicalByteExplorers 4 days ago
Bro, how to use esp 288 chip, video plz❤
@Joe-gl8sr 4 days ago
Wow interesting stuff here!!!
@marshall1693 4 days ago
I love XXE
@davidbombal 4 days ago
Happy to hear that!
@GamerX_Gaming5515 4 days ago
❤
@BruceLeaak a day ago
Great! DONE.
@00Jimmy00 a day ago
I am a Java dev :D
@BellaSteery 4 days ago
Can you do an updated video on how a regular person with no computer program literacy can run MVT (Mobile Verification Toolkit) and iMazing on iPhones to check for high level threats? I believe this is much needed