Skip to content
This repository has been archived by the owner on Dec 13, 2020. It is now read-only.

Take care of External XML Entities #1

Open
attilammagyar opened this issue Feb 10, 2014 · 0 comments
Open

Take care of External XML Entities #1

attilammagyar opened this issue Feb 10, 2014 · 0 comments

Comments

@attilammagyar
Copy link
Owner

Should be able to work with XML files from untrusted sources without letting XXE injection attacks through.

Example:

<?xml version="1.0" encoding="ISO-8859-1"?>
 <!DOCTYPE foo [  
   <!ELEMENT foo ANY >
   <!ENTITY xxe SYSTEM 'php://filter/read=convert.base64-encode/resource=/etc/passwd'>]>
   <foo>&xxe;</foo>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@attilammagyar