Posts

Showing posts with the label XML

[JAVA] Invalid XML External Object Reference - Secure Coding Guide

What is XXE

XXE (XML External Entities) is a security vulnerability that occurs during XML parsing: an attack that uses external entities to perform malicious actions. Malicious XML documents can enable attacks such as access to the server's file system, remote code execution, and denial of service.

- If DTDs cannot be completely disabled, external entities and external document type declarations must be disabled in the way specific to each parser.

Solution plan

1. When using DocumentBuilderFactory: .setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); .setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
2. When using SAXParser: .setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); .setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
3. When using SAXParserFactory: .setFeature("http://....", true);
4. When using TransformerFactory: .setAttribut...