How to Detect XXE Attacks from Text Input in Java
Check single or multiple text inputs for XML External Entity Attacks using an API in Java.
XML (Extensible Markup Language) is an extremely popular data format used in a wide variety of ways, from documents to images to videos. However, the very design of XML requires that an application parse the input before it can produce an output, and that parsing step is the opening for XML External Entity (XXE) attacks. XXE attacks exploit weaknesses in how XML parsers handle Document Type Definitions (DTDs): an attacker-supplied DTD can define entities that the parser substitutes into the document, which can be used to cause a denial of service or, through Server-Side Request Forgery (SSRF), to gain access to sensitive data. These attacks do not discriminate in whom they target: if your applications use a parser to interpret XML data, they are potentially exposed. Several high-profile companies have reported being exposed to this type of attack over the past few years.
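The two defensive controls the paragraph above implies are (1) screening untrusted text for a DOCTYPE declaration before it ever reaches a parser and (2) configuring the parser so that DTDs and external entities are refused even if a document slips through. The class below is an added example written for this article and is not code from the original page or from any API vendor; the class name `XxeSafeParsing`, its method names and the sample documents are constructed here. It uses only the JDK's built-in JAXP parser and the Xerces feature URIs that parser honors.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.IOException;
import java.io.StringReader;
import java.util.regex.Pattern;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class XxeSafeParsing {

    // A DOCTYPE declaration is the only place a document can define entities,
    // so its presence in untrusted input is the simplest detection signal.
    private static final Pattern DOCTYPE = Pattern.compile("<!DOCTYPE", Pattern.CASE_INSENSITIVE);

    /** Cheap pre-parse screen: true if the text carries a DTD. */
    public static boolean containsDoctype(String xml) {
        return DOCTYPE.matcher(xml).find();
    }

    /** Builds a DocumentBuilder that refuses DTDs and external entities. */
    public static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Primary control: reject any DOCTYPE, which blocks both external
        // entity resolution (SSRF / file disclosure) and entity-expansion DoS.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case a different parser implementation ignores the feature above.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    /** Parses untrusted text, rejecting it early if a DTD is present. */
    public static Document parseUntrusted(String xml)
            throws ParserConfigurationException, SAXException, IOException {
        if (containsDoctype(xml)) {
            throw new IllegalArgumentException("rejected: DOCTYPE declaration in untrusted input");
        }
        return hardenedBuilder().parse(new InputSource(new StringReader(xml)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample documents; the SYSTEM identifier is a placeholder, not a real resource.
        String benign = "<order><id>42</id></order>";
        String withDtd = "<?xml version=\"1.0\"?>"
                + "<!DOCTYPE order [<!ENTITY ext SYSTEM \"file:///placeholder/constructed.txt\">]>"
                + "<order><id>&ext;</id></order>";

        System.out.println("benign contains DOCTYPE: " + containsDoctype(benign));   // false
        System.out.println("withDtd contains DOCTYPE: " + containsDoctype(withDtd)); // true

        Document ok = parseUntrusted(benign);
        System.out.println("benign parsed, root = " + ok.getDocumentElement().getTagName());

        try {
            parseUntrusted(withDtd);
        } catch (IllegalArgumentException e) {
            System.out.println("pre-parse screen: " + e.getMessage());
        }

        // Even without the screen, the hardened parser itself refuses the DTD.
        try {
            hardenedBuilder().parse(new InputSource(new StringReader(withDtd)));
        } catch (SAXException e) {
            System.out.println("hardened parser refused DTD: " + e.getMessage());
        }
    }
}
```

The regex screen is deliberately coarse: it will also reject legitimate documents that carry a harmless DOCTYPE, which is usually the right trade-off for input from outside your trust boundary. The parser configuration is what actually prevents entity resolution, so keep both controls rather than relying on the screen alone.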