Exam CS0-003 topic 1 question 112 discussion

XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. In some situations, an attacker can escalate an XXE attack to compromise the underlying server or other back-end infrastructure, by leveraging the XXE vulnerability to perform server-side request forgery (SSRF) attacks.

The presence of XML entities (<!ENTITY>) is commonly associated with XXE vulnerabilities. So answer is C.

From study guide: There are also other types of attack that target the way a server parses an XML file submitted for upload or XML data submitted as a URL: XML External Entity (XXE)—This type of attack embeds a request for a local resource, such as the server’s password file. This is exactly what happens here.

The attacker references /etc/shadow using the &ent; entity in the XML code. The XML parser replaces &ent; with the contents of /etc/shadow during the parsing process. The password hashes from /etc/shadow are displayed where the <lastName> value would normally appear. If the vulnerable application returns this data in a response (like a web page or an API), the attacker can see and retrieve the hashes.

The security analyst is validating for XML External Entity (XXE) Injection vulnerability. In this scenario, the XML snippet includes an external entity (<!ENTITY ent SYSTEM "file:///etc/shadow">) that references a file on the server. If the web application improperly processes XML input, it could potentially resolve this entity and include the contents of the /etc/shadow file in the XML response, which could expose sensitive information. XXE vulnerabilities can lead to various attacks, including data exfiltration, denial of service, and server-side request forgery (SSRF).

I am quite possibly wrong, with my response below after doing even further research. Apologies everyone.

Directory Traversal... Directory Traversal- An app attack that allows access to commands, files, and directories that may or may not be connected to the web document root directory. E.g. "../../../../etc/shadow" is used in a URL to get to the shadow file. Directory traversals can be used to access any file on s system with the right permissions. Percent encoding can be used to hide directory traversal.