A penetration tester is testing a web application and discovers an endpoint that returns XML data. The tester attempts to read /etc/passwd by injecting an external entity. Which type of attack is this?
XXE uses external entities to read files or make requests.
Why this answer
XML External Entity (XXE) injection allows reading files or performing SSRF via XML processing.