An XML External Entity (XXE) attack is a type of computer security vulnerability typically found in Web applications. XXE enables attackers to disclose normally protected files from a server or connected network. The XML standard includes the idea of an external general parsed entity (an external entity).
What is an XML bomb?
An XML bomb is a message composed and sent with the intent of overloading an XML parser (typically an HTTP server). XML bombs exploit the fact that XML allows entities to be defined. For example, let entityOne be defined as 20 entityTwo's, each of which is itself defined as 20 entityThree's.
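The multiplication in that example can be measured before a parser ever expands it. The Python below is an added example, not part of the original page: it reads literal entity declarations from the internal DTD subset and computes each entity's expanded length arithmetically, so a document can be rejected up front. The 10-character value of entityThree, the regex-based declaration matching and the size limit are assumptions made for the illustration.

```python
import re

# Literal general-entity declarations only; parameter (%) and external
# (SYSTEM/PUBLIC) entities do not match and are ignored by this check.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.\-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([A-Za-z_][\w.\-]*);')
PREDEFINED = {"lt", "gt", "amp", "quot", "apos"}

# Constructed sample mirroring the page's example (20 x 20 nesting).
SAMPLE = (
    '<!DOCTYPE msg [\n'
    '<!ENTITY entityOne "%s">\n'
    '<!ENTITY entityTwo "%s">\n'
    '<!ENTITY entityThree "0123456789">\n'
    ']>\n<msg>&entityOne;</msg>' % ("&entityTwo;" * 20, "&entityThree;" * 20)
)


def expanded_sizes(xml_text):
    """Map each declared entity to its fully expanded length in characters,
    computed by arithmetic so nothing is actually expanded in memory."""
    decls = {name: value for name, _, value in ENTITY_DECL.findall(xml_text)}
    sizes, in_progress = {}, set()

    def size_of(name):
        if name in PREDEFINED:
            return 1
        if name not in decls:
            return 0  # undeclared: a real parser reports this as an error
        if name in sizes:
            return sizes[name]
        if name in in_progress:
            raise ValueError("recursive entity reference: " + name)
        in_progress.add(name)
        value = decls[name]
        literal = len(ENTITY_REF.sub("", value))
        sizes[name] = literal + sum(size_of(r) for r in ENTITY_REF.findall(value))
        in_progress.discard(name)
        return sizes[name]

    for name in decls:
        size_of(name)
    return sizes


def is_xml_bomb(xml_text, limit=1_000_000):
    """True if any declared entity would expand past `limit` characters."""
    return any(size > limit for size in expanded_sizes(xml_text).values())
```

Two levels of 20-fold nesting already turn a 10-character value into 4,000 characters, and every further level multiplies that by 20 again, which is why a limit on expanded size catches what a limit on document size does not.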
What is an LDAP Injection attack?
LDAP Injection is an attack used to exploit web-based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements using a local proxy.