Definition
An XML bomb is a specific type of distributed denial-of-service (DDoS) attack in which a small, specially crafted XML document is sent to overwhelm the software that parses XML files, causing the server to crash.
It works like a zip bomb: when an XML parser attempts to process the message, the nested entity references it contains expand exponentially, exhausting the parser's memory and eventually crashing the server.
How to Prevent an XML Attack
- Restrict the number of characters to which an entity can expand
- Limit the memory assigned to the parser
Examples of XML Bomb Attacks
Here are some commonly reported forms of XML bomb attack:
- Billion laughs attack: This type uses a nested chain of entity definitions that expands exponentially to consume system resources. It is named after its characteristic use of the term ‘Ha’ in the entity definitions, which produces a visually striking pattern when the expanded output is opened in a text editor.
- Quadratic blowup attack: This XML bomb exploits repeated entity expansion to cause quadratic growth in the expanded size of the XML document. The rapid growth in size overwhelms the system, leading to a DDoS attack.
- W3C entity expansion attack: In this attack, the malicious XML file exploits entity expansion in XML parsers that comply with the W3C XML standard. Using a Document Type Definition (DTD) entity declaration, the attacker achieves exponential expansion of the entity.
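The prevention advice above (bounding how far an entity may expand) and the billion laughs structure described here can be illustrated with a pre-parse guard. The following is an added example, not code from the original page: it reads the internal DTD subset, computes each entity's fully expanded character count without ever materialising the text, and refuses the document as soon as any entity or the body would exceed a limit. The sample documents, the 10,000-character limit and the function names are constructed assumptions; the guard only understands internal, double-quoted general entities, so rejecting any DTD outright remains the simpler default for untrusted input.

```python
import re

# Constructed samples (not from the page): a small billion-laughs style
# document (4 levels, 10 references each) and a benign document.
BOMB = """<?xml version="1.0"?>
<!DOCTYPE x [
 <!ENTITY a "hahahahahaha">
 <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
 <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
 <!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
]>
<x>&d;</x>"""
BENIGN = """<?xml version="1.0"?>
<!DOCTYPE x [ <!ENTITY co "Example Corp"> ]>
<x>&co; &co;</x>"""
DOCTYPE = re.compile(r'<!DOCTYPE[^\[>]*\[(.*?)\]\s*>', re.S)
ENTITY_DECL = re.compile(r'<!ENTITY\s+(\w+)\s+"([^"]*)"\s*>')  # internal, double-quoted only
ENTITY_REF = re.compile(r'&(\w+);')
BUILTIN = {"lt", "gt", "amp", "quot", "apos"}                 # each expands to one char

def expanded_size(doc, max_chars=10_000):
    """Character count of `doc` after full entity expansion, derived from the
    internal DTD subset; raises ValueError once anything would exceed max_chars."""
    m = DOCTYPE.search(doc)
    decls = dict(ENTITY_DECL.findall(m.group(1))) if m else {}
    body = doc[m.end():] if m else doc   # prolog and DTD carry no general-entity refs
    sizes = {}                           # memoised expanded size per entity name

    def size_of(text, stack):
        total = len(ENTITY_REF.sub("", text))   # literal characters first
        for ref in ENTITY_REF.findall(text):
            if ref in BUILTIN:
                total += 1
            elif ref in stack:
                raise ValueError(f"recursive entity &{ref};")   # forbidden by the XML spec
            else:
                if ref not in sizes:   # undeclared entity: a real parser would reject it
                    sizes[ref] = size_of(decls.get(ref, ""), stack | {ref})
                total += sizes[ref]
            if total > max_chars:       # fail early, before the blowup is ever built
                raise ValueError(f"expansion exceeds {max_chars} characters")
        return total
    return size_of(body, frozenset())

def safe_to_parse(doc, max_chars=10_000):
    """Gate to run on untrusted XML before handing it to a real parser."""
    try:
        expanded_size(doc, max_chars)
        return True
    except ValueError:
        return False
```

With the default limit the bomb is rejected while computing the fourth entity (its 12,000-character expansion is never produced), and the benign document passes with an expanded size of a few dozen characters.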