SMTP over XXE − how to send emails using Java's XML parser
https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/ [shiftordie.de]
2017-02-23 17:55
I regularly find XML eXternal Entity (XXE) vulnerabilities while performing penetration tests. These are particularly often present in Java-based systems, where the default for most XML parsers still is parsing and acting upon inline DTDs, even though I have not seen a single use case where this was really necessary.
Now with more SMTP via FTP via XML.
source: R