By making clever use of external entity references, an attacker can probe your
server for files, hang the parser altogether by referencing URLs that never
respond, or trigger fraudulent requests on the server-side.
Let's look at one potential attack scenario.