This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition.
This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI.
0 kommentar(er)
