He crafts a malicious XML file with an external reference to the
path /etc/shadow, a file that commonly holds password information
on Linux systems. His hope is that when the XML is parsed, the parser
will expand this file inline, revealing sensitive information to him.
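
An added example, not part of the original text: a defender-side parser setup in Python that refuses the kind of document described above before any entity can be expanded. The function names, the exception class and both sample documents are constructed for illustration.

```python
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """The document uses a DTD feature that untrusted input must not use."""


def parse_untrusted(xml_bytes, allow_doctype=False):
    """Return element names in document order; refuse entities and, by default, any DTD."""
    names = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        if not allow_doctype:
            raise ForbiddenXML(f"DOCTYPE declaration: {name}")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        # sysid is set for external entities, e.g. a file:// or http:// URI.
        raise ForbiddenXML(f"entity declaration: {name} -> {sysid or 'internal'}")

    def on_external_ref(context, base, sysid, pubid):
        raise ForbiddenXML(f"external entity reference: {sysid}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(xml_bytes, True)
    return names


def rejection_reason(xml_bytes, allow_doctype=False):
    """Return why a document was refused, or None if it parsed cleanly."""
    try:
        parse_untrusted(xml_bytes, allow_doctype)
    except ForbiddenXML as exc:
        return str(exc)
    return None


# Constructed sample documents (not taken from the page).
BENIGN = b'<?xml version="1.0"?><order><item>widget</item></order>'
HOSTILE = (b'<?xml version="1.0"?>\n'
           b'<!DOCTYPE order [ <!ENTITY ref SYSTEM "file:///etc/shadow"> ]>\n'
           b'<order><item>&ref;</item></order>')
```

The hostile sample is refused at the DOCTYPE line, so parsing stops before the reference inside the item element is ever reached. The defusedxml package applies the same kind of restrictions to Python's standard-library parsers.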