I am trying to build & develop a Security POC. This code is part of an app that I've extracted into a smaller app because I am having some difficulty with it.

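// XML with an internal DTD subset that declares the entity "word" and references it in <foo>
string str = "<?xml version=\"1.0\"?><!DOCTYPE foo[<!ELEMENT foo ANY> <!ENTITY word \"A\">]><foo>&word;</foo>";
System.Xml.XmlDocument xDoc = new System.Xml.XmlDocument();
xDoc.LoadXml(str);
// Write the loaded document back out to disk
xDoc.Save(@"C:\Temp\xdoc.xml");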


Consider that the XML string contains a DTD entity, word, which is referenced in my actual XML. When the document is loaded, I would expect the DTD to get processed and therefore replace the entity "word" referred to in my XML with the character string "A", then write the whole document back out to disk. However, when I examine xDoc.xml, the entity expansion/replacement hasn't happened.

Why not?
Comments
Sergey Alexandrovich Kryukov 27-Sep-13 14:08pm
   
Not going into detail, I would ask: why not use XML Schema instead of DOCTYPE? Schema is much better supported by software; XSD is itself XML.
—SA
CdnSecurityEngineer 27-Sep-13 14:22pm
   
I know this. However the specific vulnerability I am targeting a demonstration for relies on the DOCTYPE & DTD processing. Hence why I want to get this example working, so I can make a case not to load and process our XML in such a fashion.
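
The behaviour asked about above, as an added example that is not part of the original thread: `LoadXml` reads the internal DTD subset but keeps `&word;` in the DOM as an entity-reference node, which is why `Save` writes the reference back out, while a reader configured with `DtdProcessing.Prohibit` refuses the document. The class name `DtdDemo` is hypothetical, and the comments assume the System.Xml behaviour of current .NET, so confirm them on the runtime in use.

```csharp
using System;
using System.IO;
using System.Xml;

static class DtdDemo // hypothetical name, not from the original post
{
    // Same document as in the question: one internal entity, no external references.
    const string Xml = "<?xml version=\"1.0\"?><!DOCTYPE foo[<!ELEMENT foo ANY> <!ENTITY word \"A\">]><foo>&word;</foo>";

    static void Main()
    {
        // 1. LoadXml parses the DTD, but the reference stays in the tree as an
        //    XmlEntityReference node. Serialization (OuterXml, Save) therefore emits
        //    the reference again, while InnerText returns the resolved text.
        var dom = new XmlDocument();
        dom.LoadXml(Xml);
        Console.WriteLine("node type : " + dom.DocumentElement.FirstChild.NodeType);
        Console.WriteLine("serialized: " + dom.DocumentElement.OuterXml);
        Console.WriteLine("inner text: " + dom.DocumentElement.InnerText);

        // 2. A reader from XmlReader.Create with DTD parsing enabled expands general
        //    entities while reading, so the DOM holds plain text and the serialized
        //    form contains the replacement. XmlResolver = null keeps external
        //    resources from being fetched.
        var parse = new XmlReaderSettings { DtdProcessing = DtdProcessing.Parse, XmlResolver = null };
        var expanded = new XmlDocument();
        using (var reader = XmlReader.Create(new StringReader(Xml), parse))
            expanded.Load(reader);
        Console.WriteLine("expanded  : " + expanded.DocumentElement.OuterXml);

        // 3. Hardened loading: any DOCTYPE is treated as an error, so the DTD is
        //    never processed and the document is rejected before the DOM is built.
        var strict = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        try
        {
            using (var reader = XmlReader.Create(new StringReader(Xml), strict))
                new XmlDocument().Load(reader);
            Console.WriteLine("loaded (unexpected for a document with a DOCTYPE)");
        }
        catch (XmlException ex)
        {
            Console.WriteLine("rejected  : " + ex.Message);
        }
    }
}
```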

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



