Web application security - the fast guide 1.1 | Page 148
Chapter 7 - Attack execution (3)
P a g e | 148
7.8 Attack XML
XML format considered as a very important text format due to the special
structure it provides which makes it very good medium to transfer structured
data hence it was used as a holder for the data transmitted between client and
server.
A simple example about this type of usage is the following listing that illustrates
the usage of XML format in an HTTP request to send data to a search page
POST /search/searchPage.ashx HTTP/1.1
Host: victim.com
Content-Type: text/xml; charset=UTF-8
Content-Length: 39
what to search
When the server receives the request it will send the response also in XML
format, response might be something like:
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: 77
No results found for expression: what to search