All Questions

4 questions

12votes

1answer

4kviews

Is PHP loadXML vulnerable to XXE attack (and to other attacks)? Is there a list of vulnerable functions?

I have PHP code that uses the loadXML function (as well as other XML functions). Is the loadXML function vulnerable to XXE attack? Namely, if the XML contains external entities, will they be ...

Gari BN

asked Aug 15, 2016 at 9:05

-1votes

1answer

365views

Oversized XML attack in axis 1.4

How can we prevent oversized XML attack in webservice implemented with Apache Axis 1.4?

Imran

asked Sep 19, 2015 at 7:37

11votes

1answer

881views

Public XSLT & XML playground (with PHP DOMDocument, etc.) Security Risks?

Let's say I want to set up a sandbox or playground in PHP that users can use to create (or paste in) XML and XSLT, then transform the XML via the XSLT (by means of PHP 5's DOMDocument and related ...

tex

asked Jun 7, 2011 at 11:46

12votes

3answers

4kviews

If an XML document is not validated as "Well Formed" or checked against a schema, what are the risks?

When processing an XML document in my application, what are the risks? E.g. if it is not "Well Formed" or is not checked against a schema.

Phoenician-Eagle

2,227

asked Nov 17, 2010 at 15:17

Stack Exchange Network

All Questions

Is PHP loadXML vulnerable to XXE attack (and to other attacks)? Is there a list of vulnerable functions?

Oversized XML attack in axis 1.4

Public XSLT & XML playground (with PHP DOMDocument, etc.) Security Risks?

If an XML document is not validated as "Well Formed" or checked against a schema, what are the risks?

Hot Network Questions

All Questions

Related Tags