XML quadratic blowup
The XML quadratic blowup attack is a denial of service attack vector against an XML parser. Before I start writing about XQB, let me first explain a technique known as billion laughs, which doesn't work nowadays but will give you a foundation toward XQB.
XML billion laughs
The XML billion laughs DoS attack simply starts by declaring an XML document with an entity named lol (hence the name laugh gets associated with it, but in a general case it can be any valid name). The entity is then nested recursively 10 times (or more). This forces the XML parser to allocate memory for every single entity reference. Hence a huge chunk of memory gets wasted, by sending the same XML document again and again; one can simply choke a server out of all memory, eventually killing it. However, parsers these days detect nested XML entities and stop parsing immediately, killing this vector. A classic XML billion laughs XML payload is as follows:
<?xml version="1.0"?> <!DOCTYPE lolz...
