XML vulnerabilities

Updated: 2023-09-11 21:35:22

First we need to distinguish the effect of an attack from the feature that is exploited.

Particular features of XML that can be exploited are

  • XML entities
  • Proprietary extensions of parsers and validators
  • Circular/recursive references
  • Remote access

The effects can be

  • DOS
  • Information disclosure

I don't think there is a precise definition of a "bomb", but it refers to an attack that is particularly "compact" and which "expands". A "coercive parsing attack" exploits the nature of the XML model to overwhelm the parser.

The examples below are taken from XML Denial of Service Attacks and Defenses. Also, if you understand French, read the excellent magazine "La sécurité des web services".

Example 1

A bomb using entities which results in a DOS because it exhausts the memory

<?xml version="1.0"?>
<!DOCTYPE kaboom [
  <!ENTITY a "aaaaaaaaaaaaaaaaaa...">
]>
<kaboom>&a;&a;&a;&a;&a;&a;&a;&a;&a;...</kaboom>

If you have 50'000 "aaaa...aaa" and 50'000 &a;&a;...&a;, a payload of 200KB expands to more than 2GB in memory

Example 2

An entity could be used to access another file in an unauthorized way. This leads to information disclosure.

<?xml version="1.0"?>
<!DOCTYPE letter [
     <!ENTITY file SYSTEM "/sensitive.txt" >
]>
<tag> &file; </tag>

Example 3

Using the ability of certain parsers to access remote resources (see http://www.ibm.com/developerworks/xml/library/x-tipgentity.html), now go figure what happens if the file bigfile.xml is 2GB. This probably leads to a DOS.

<?xml version="1.0"?>
<!DOCTYPE letter [
     <!ENTITY file  SYSTEM "http://www.mysite.com/bigfile.xml" >
]>
<tag> &file; </tag>

Example 4

This recursion will lead to memory exhaustion and probably a DOS.

<!ENTITY companyname "Contoso Inc.">
<!ENTITY divisionname "&companyname; Web Products Division">

If this is schoolwork, then you should also think about how you can protect yourself from such attacks.
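As an added example (not part of the original answer), a Python check that reads only the DOCTYPE with the standard-library expat parser and stops before any content is parsed, so the payloads of examples 1 to 4 are classified without an entity ever being expanded or a SYSTEM identifier fetched. The function names, the budget thresholds in `is_safe` and the sample documents in the comments are my own, not from the page.

```python
import xml.parsers.expat as expat

class UnsafeXML(Exception):
    """The DTD reaches outside the document (examples 2 and 3)."""

class _DtdDone(Exception):
    """Internal signal: DTD read, stop before any content is parsed."""

def inspect_dtd(data: bytes) -> dict:
    """Report what the DOCTYPE declares without expanding anything.
    Expat is stopped at the end of the DTD (or at the root element if there is
    no DOCTYPE), so the content holding the &a;&a;... references is never parsed.
    External DTDs and SYSTEM/PUBLIC entities raise UnsafeXML at declaration time."""
    report = {"doctype": None, "internal": 0, "nested": 0, "longest_value": 0}

    def start_doctype(name, system_id, public_id, has_internal_subset):
        report["doctype"] = name
        if system_id or public_id:  # an external DTD is itself a remote fetch
            raise UnsafeXML(f"external DTD for {name!r}: {system_id or public_id}")

    def entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None or public_id is not None:
            raise UnsafeXML(f"external entity {name!r}: {system_id or public_id}")
        report["internal"] += 1
        report["longest_value"] = max(report["longest_value"], len(value or ""))
        if "&" in (value or ""):  # replacement text names other entities (example 4)
            report["nested"] += 1

    def stop(*_): raise _DtdDone
    def refuse(*_): raise UnsafeXML("parser asked to resolve an external entity")

    parser = expat.ParserCreate()
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.StartDoctypeDeclHandler = start_doctype
    parser.EntityDeclHandler = entity_decl
    parser.EndDoctypeDeclHandler = stop
    parser.StartElementHandler = stop
    parser.ExternalEntityRefHandler = refuse
    try:
        parser.Parse(data, True)
    except _DtdDone:
        pass
    return report

def is_safe(data: bytes, max_entities: int = 0, max_value_len: int = 256) -> bool:
    """Policy (thresholds are illustrative): no external references, no nested
    entities (their expansion is multiplicative), bounded internal entities,
    and malformed input rejected as well."""
    try:
        r = inspect_dtd(data)
    except (UnsafeXML, expat.ExpatError):
        return False
    return r["nested"] == 0 and r["internal"] <= max_entities and r["longest_value"] <= max_value_len
```

Run `is_safe()` on the raw bytes before handing them to the real parser; a document with no DOCTYPE passes, the four example payloads above are all rejected with the defaults.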