XML Bomb


What Does XML Bomb Mean?

An XML bomb is a piece of XML code that is syntactically valid and correct but can cause a program that compiles or runs it to crash or hang. An XML bomb can be used to test the security level of a server. In HTML code, XML is either parsed internally or referenced as an external file that is sent to a server. Typically, a normal server without adequate protection is expected to crash under this attack.


Techopedia Explains XML Bomb

An XML bomb is a small but dangerous piece of code that is written and sent with the intent of crashing the targeted server or program that tries to read and decode it. When an XML parser tries to process an XML bomb, the nested data entities start growing exponentially. This can result in the shutting down of a server or ISP, making it vulnerable to unauthorized access by hackers, which can result in a serious threat to data privacy. An XML bomb takes advantage of three properties of XML, namely entity substitution, nested entities and inline DTDs, to cause a “data explosion,” hence the “bomb” in the name.
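The growth described above can be measured before a parser ever sees the document. The following is an added example, not Techopedia's code: it reads the entity declarations in an inline DTD and computes each entity's expanded length arithmetically, so nothing is expanded in memory. The function names, the `limit` cap and the sample document are assumptions made for illustration.

```python
import re

# Internal entity declarations from an inline DTD: <!ENTITY name "value">
DECL = re.compile(r'<!ENTITY\s+([\w.-]+)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
REF = re.compile(r'&([\w.-]+);')

def expanded_sizes(xml_text):
    """Map each declared entity to its expanded length, without expanding it."""
    decls = {}
    for name, dq, sq in DECL.findall(xml_text):
        decls.setdefault(name, dq or sq)   # the first declaration binds
    sizes = {}

    def size(name, stack):
        if name in stack:
            raise ValueError("recursive entity reference: " + name)
        if name not in sizes:
            value = decls[name]
            total = len(REF.sub("", value))            # literal characters
            for ref in REF.findall(value):             # nested entities
                total += size(ref, stack | {name}) if ref in decls else 1
            sizes[name] = total
        return sizes[name]

    for name in decls:
        size(name, frozenset())
    return sizes

def inspect(xml_text, limit=10_000):
    """Return (verdict, detail); limit is a hypothetical per-entity cap."""
    try:
        sizes = expanded_sizes(xml_text)
    except (ValueError, RecursionError) as exc:
        return ("reject", str(exc))
    worst = max(sizes.values(), default=0)
    if worst > limit:
        return ("reject", "entity expands to %d characters" % worst)
    return ("accept", "largest entity is %d characters" % worst)

# Constructed sample: four levels, fan-out of four, harmless at this size.
SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE note [
  <!ENTITY a "ha">
  <!ENTITY b "&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;">
  <!ENTITY d "&c;&c;&c;&c;">
]>
<note>&d;</note>"""
```

Each added level multiplies the expanded size by the fan-out while the document itself grows by only one line, which is why a size cap or a parser configured to refuse inline DTDs stops the expansion.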


Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.