Many outdated or improperly configured XML processors can interpret external entity references within XML documents. External entities can be used to access internal files and network shares, perform port scans on internal networks, execute remote code, and conduct denial of service (DoS) attacks.

| OWASP Top 10 Application Security Risks - 2017 | Reference |
|---|---|
| A4:2017-XML External Entities (XXE) | OWASP |

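
One way to refuse the DTD features that external entities depend on, using the expat bindings in Python's standard library, so a document is rejected at the declaration instead of being interpreted. This is an added example, not code from the original page; `parse_untrusted`, `ForbiddenXML`, `is_rejected` and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Raised when a document uses DTD features that external entities need."""


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse XML into an Element, failing closed on DOCTYPE/entity use."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML(f"DOCTYPE declaration not allowed: {name!r}")

    def reject_entity(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML(f"entity declaration not allowed: {name!r}")

    def reject_external_ref(context, base, sysid, pubid):
        raise ForbiddenXML(f"external entity reference not allowed: {sysid!r}")

    # An exception raised in a handler aborts Parse() at that point in the document.
    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.ExternalEntityRefHandler = reject_external_ref
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)
    return builder.close()


def is_rejected(data: bytes) -> bool:
    try:
        parse_untrusted(data)
    except ForbiddenXML:
        return True
    return False


# Constructed samples: a plain document and one declaring an external entity.
BENIGN = b"<order><item>widget</item></order>"
XXE_SAMPLE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///placeholder/example.txt">]>'
    b"<order><item>&ext;</item></order>"
)

if __name__ == "__main__":
    print(is_rejected(BENIGN), is_rejected(XXE_SAMPLE))
```

Rejecting the DOCTYPE outright also blocks internal entity expansion, which covers the denial of service case; applications that genuinely need DTDs require a narrower policy than this one.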
Every technological element we use in our systems and applications must be understood in all its aspects to be used effectively and safely.
Often we resort to very powerful and complex tools to meet modest needs, without evaluating their security impacts.

Francesco Ongaro