Page 139 - Hands-On Bug Hunting for Penetration Testers

Detecting XML External Entities - Chapter 7

When the server attempts to expand the entity and access the contents of /dev/random, it can cause the server to crash. That's because /dev/random is a special file backed by a pseudorandom number generator, and a read from it will block the thread if there's insufficient entropy for the random number generation. Here, we've entered the snippet into another intercepted attempt to create an account:

After forwarding the request, we see the server hang, and hang. Upon opening a new tab, we can no longer get the IP address to resolve. We've successfully crashed it!
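The server-side mitigation for this hang, as an added example that is not from the book: a parser wrapper that refuses any DOCTYPE or entity declaration before anything is expanded or opened. It assumes a Python service using the standard library's expat bindings (the page does not say which parser the target uses); the function name, element names and both sample request bodies are constructed for illustration.

```python
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """The document declares a DTD or an entity, which this endpoint never needs."""


# Constructed sample request bodies (hypothetical account-creation payloads).
BENIGN = b"<user><username>alice</username><email>alice@example.test</email></user>"
HOSTILE = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE user [<!ENTITY xxe SYSTEM "file:///dev/random">]>'
           b"<user><username>&xxe;</username></user>")


def parse_untrusted(xml_bytes):
    """Return {element: text} for leaf elements, refusing DTDs and entities.

    Raising from an expat handler aborts the parse, so the entity is never
    expanded and the blocking device is never read.
    """
    parser = expat.ParserCreate()
    fields, text = {}, []

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML(f"DOCTYPE {name!r} rejected")

    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML(f"entity {name!r} rejected (system id: {sysid!r})")

    def forbid_external_ref(context, base, sysid, pubid):
        raise ForbiddenXML(f"external entity reference rejected: {sysid!r}")

    def start(name, attrs):
        text.clear()                      # new element: drop text seen so far

    def end(name):
        value = "".join(text).strip()     # text may arrive in several chunks
        if value:
            fields[name] = value
        text.clear()

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity
    parser.ExternalEntityRefHandler = forbid_external_ref
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = text.append
    parser.Parse(xml_bytes, True)
    return fields
```

Rejecting the DOCTYPE outright also covers internal-entity expansion attacks, since those need a DTD as well.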






























