Netsparker detected an XML External Entity (XXE) injection that made DNS request(s) to Netsparker Hawk. An XML External Entity attack is a type of attack against an application that parses XML input.
Netsparker performed an attack to make a request to an arbitrary server and successfully received the request at the Netsparker Hawk.
Please see the following code snippets for the most used programming languages and libraries:
StAX and XMLInputFactory
Set the javax.xml.stream.isSupportingExternalEntities property to false.
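// XmlReader (System.Xml) in .NET Framework 3.5 and earlier:
// ProhibitDtd = true rejects any document that contains a DTD.
XmlReaderSettings settings = new XmlReaderSettings();
settings.ProhibitDtd = true;
XmlReader reader = XmlReader.Create(stream, settings);

// XmlReader (System.Xml) in .NET Framework 4.0 and later:
// ProhibitDtd is obsolete there; DtdProcessing.Prohibit replaces it.
XmlReaderSettings settings = new XmlReaderSettings();
settings.DtdProcessing = DtdProcessing.Prohibit;
XmlReader reader = XmlReader.Create(stream, settings);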