700 - Pentesting EPP
Last updated
Last updated
Learn & practice AWS Hacking: Learn & practice GCP Hacking:
The Extensible Provisioning Protocol (EPP) is a network protocol used for the management of domain names and other internet resources by domain name registries and registrars. It enables the automation of domain name registration, renewal, transfer, and deletion processes, ensuring a standardized and secure communication framework between different entities in the domain name system (DNS). EPP is designed to be flexible and extensible, allowing for the addition of new features and commands as the needs of the internet infrastructure evolve.
Basically, it's one of the protocols a TLD registrar is going to be offering to domain registrars to register new domains in the TLD.
you can see how some security researches found several implementation of this protocol were vulnerable to XXE (XML External Entity) as this protocol uses XML to communicate, which would have allowed attackers to takeover tens of different TLDs.
Learn & practice AWS Hacking: Learn & practice GCP Hacking: