XML External Entity
XML is a markup language that is widely used in distributed applications, including web-based applications. XML documents use special constructs called entities. Entities can be divided into the following categories:
- Predefined
- Internal
- External
Example of a predefined entity: &quot; (double-quote character).

Example of an internal entity: <!ENTITY pentest "hek"> … &pentest;

External entities refer to third-party files. An XML eXternal Entity (XXE) attack uses external entities: <!ENTITY epicwin SYSTEM "file:///etc/passwd">

In PHP, external entities come into use when the parser is called with LIBXML_NOENT, which tells libxml to substitute entities: DOMDocument::loadXML($xml, LIBXML_NOENT); Leave this flag out when parsing XML from an untrusted source.
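The following is an added example, not code from the original glossary entry: it parses the same kind of document once with LIBXML_NOENT and once through a hardened loader that refuses any DOCTYPE. The helper name loadUntrustedXml, the temp file and the sample XML are constructed for illustration; PHP 8 with the dom extension on a Unix-like system is assumed.

```php
<?php
declare(strict_types=1);

// Constructed sample input: one internal and one external entity, as in the text above.
// The external entity points at a temp file created here, so the script is self-contained.
$target = tempnam(sys_get_temp_dir(), 'xxe');
file_put_contents($target, 'LOCAL-FILE-CONTENT');

$xml = <<<XML
<?xml version="1.0"?>
<!DOCTYPE note [
  <!ENTITY pentest "hek">
  <!ENTITY epicwin SYSTEM "file://$target">
]>
<note><a>&pentest;</a><b>&epicwin;</b></note>
XML;

// Weak setting: LIBXML_NOENT substitutes entities, so the file content lands in <b>.
$weak = new DOMDocument();
$weak->loadXML($xml, LIBXML_NOENT);
echo 'LIBXML_NOENT: b = ', $weak->getElementsByTagName('b')->item(0)->textContent, "\n";

// Hardened loader (hypothetical helper): no entity substitution, no network, no DTD.
function loadUntrustedXml(string $xml): DOMDocument
{
    $doc = new DOMDocument();
    // No LIBXML_NOENT here; LIBXML_NONET also forbids network access while parsing.
    if (!@$doc->loadXML($xml, LIBXML_NONET)) {
        throw new RuntimeException('XML is not well-formed');
    }
    // A document that carries its own DOCTYPE can declare entities: reject it outright.
    if ($doc->doctype !== null) {
        throw new RuntimeException('DOCTYPE not allowed');
    }
    return $doc;
}

try {
    loadUntrustedXml($xml);
} catch (RuntimeException $e) {
    echo 'hardened: rejected (', $e->getMessage(), ")\n";
}
echo 'hardened, no DTD: ', loadUntrustedXml('<note><a>ok</a></note>')->documentElement->textContent, "\n";
unlink($target);
```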