Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
An XML bomb is a piece of XML code that is syntactically valid and correct but can cause a program that compiles or runs it to crash or hang. An XML bomb can be used to test the security level of a server. In an HTML code, an XML code is either parsed internally or referenced as an external file that is sent to a server. Typically, a normal server without adequate protection is expected to crash with this attack.
An XML bomb is a small but dangerous piece of code that is written and sent with the intent of crashing the targeted server or program that tries to read and decode it. When an XML parser tries to process an XML bomb, the nested data entities start growing exponentially. This can result in the shutting down of a server or ISP, making it vulnerable to unauthorized access by hackers, which can result in serious threat to data privacy. An XML bomb takes advantage of three properties of XML, namely, entity substitution, nested entities and inline DTDs, to cause a "data explosion," hence the "bomb" in the name.