XMLBundle's XMLReader is vulnerable to an XXE DoS vulnerability. The code with the PoC is given below:
This can be used to create very large strings, which can eventually DoS the system. Due to the working of SimpleXmlIterator, we cannot run system commands using the package (tested with my limited knowledge though). However, entities can be used easily. Hope this helps!
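One way to keep entity declarations away from SimpleXMLIterator is to refuse any input that carries a DOCTYPE before parsing it. The following is an added example, not code from the issue or from XMLBundle; the helper name `loadXmlWithoutDoctype`, the 1 MiB size limit and the reject-DOCTYPE policy are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of XMLBundle). Entity declarations can only
// appear inside a DOCTYPE, so a document without one cannot define entities.
function loadXmlWithoutDoctype(string $xml, int $maxBytes = 1_048_576): SimpleXMLIterator
{
    if (strlen($xml) > $maxBytes) {
        throw new InvalidArgumentException('XML input exceeds size limit');
    }

    // Collect libxml errors internally instead of emitting PHP warnings.
    $previous = libxml_use_internal_errors(true);
    try {
        $reader = new XMLReader();
        // LIBXML_NONET: never fetch anything over the network while parsing.
        if (!$reader->XML($xml, null, LIBXML_NONET)) {
            throw new InvalidArgumentException('XML input could not be opened');
        }
        // A DOCTYPE, if present, precedes the root element: stop at whichever comes first.
        while ($reader->read()) {
            if ($reader->nodeType === XMLReader::DOC_TYPE) {
                throw new InvalidArgumentException('DOCTYPE declarations are not accepted');
            }
            if ($reader->nodeType === XMLReader::ELEMENT) {
                break;
            }
        }
        $reader->close();

        // Only DOCTYPE-free input reaches SimpleXMLIterator.
        return new SimpleXMLIterator($xml, LIBXML_NONET);
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previous);
    }
}

// Constructed sample inputs.
$plain = '<?xml version="1.0"?><items><item>a</item></items>';
$withDoctype = '<?xml version="1.0"?><!DOCTYPE items [<!ENTITY e "x">]><items><item>&e;</item></items>';

echo loadXmlWithoutDoctype($plain)->getName(), "\n";
try {
    loadXmlWithoutDoctype($withDoctype);
} catch (InvalidArgumentException $ex) {
    echo 'rejected: ', $ex->getMessage(), "\n";
}
```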