
XML bomb

(also billion laughs attack)

XML bomb definition

An XML bomb is a type of DDoS attack in which a small, deliberately crafted XML document is sent to overwhelm the program that parses it and crash the server. It works similarly to a zip bomb: the document's DTD declares entities that reference one another in nested layers, so when the XML parser resolves them the expanded text grows exponentially, exhausting memory (and CPU) and crashing the server.

How to stop an XML bomb attack

  • Limit the number of characters an entity is allowed to expand to.
  • Limit the memory allocated to the parser.
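The first mitigation above can be enforced before the document body is ever expanded. The following added example (not code from the original page) uses Python's standard-library expat bindings: an entity-declaration handler estimates the fully expanded size of every internal entity as the DTD is read, and a character-data handler keeps a running budget on the output, so a nested-entity payload is rejected long before it consumes memory. The limits (`max_entities`, `max_expansion`), the `XmlBombError` exception and both sample documents are assumptions constructed for this illustration; `BOMB` is a small four-level test input, not a real-world payload.

```python
import re
import xml.parsers.expat as expat

# Matches a general entity reference such as &lol1; inside an entity's
# replacement text. expat hands us the DTD value still unexpanded, so
# the references are visible and can be sized before they are resolved.
ENTITY_REF = re.compile(r"&([A-Za-z_][\w.\-]*);")


class XmlBombError(ValueError):
    """Raised when the DTD would expand beyond the configured limits (assumed name)."""


def check_entity_expansion(xml_bytes, max_entities=50, max_expansion=10_000):
    """Parse with expat while estimating how large each declared entity becomes
    once fully expanded. Raises XmlBombError before the document body is
    expanded if any entity, or the total character output, would exceed
    max_expansion. Returns the largest single-entity expansion seen."""
    expanded = {}   # entity name -> estimated expanded length in characters
    emitted = [0]   # running count of character data actually produced

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if is_param:
            return  # parameter entities are never expanded in element content
        if value is None:
            # SYSTEM/PUBLIC entities fetch external content; refuse them outright.
            raise XmlBombError(f"external entity {name!r} is not allowed")
        if len(expanded) >= max_entities:
            raise XmlBombError(f"more than {max_entities} entity declarations")
        refs = ENTITY_REF.findall(value)
        literal = ENTITY_REF.sub("", value)
        # Declared entities count at their expanded size; unknown references
        # (forward references, predefined ones such as &amp;) at literal size.
        size = len(literal) + sum(expanded.get(r, len(r) + 2) for r in refs)
        if size > max_expansion:
            raise XmlBombError(f"entity {name!r} would expand to {size} characters")
        expanded[name] = size

    def on_char_data(data):
        # Second line of defence: cap the total text the parser emits, which
        # also bounds a body that references a legal entity many times.
        emitted[0] += len(data)
        if emitted[0] > max_expansion:
            raise XmlBombError("expanded document exceeds the output budget")

    parser = expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl
    parser.CharacterDataHandler = on_char_data
    parser.Parse(xml_bytes, True)
    return max(expanded.values(), default=0)


# Constructed benign document: one entity that expands to 9 characters.
BENIGN = (b'<?xml version="1.0"?>'
          b'<!DOCTYPE doc [<!ENTITY company "ACME Corp">]>'
          b'<doc>&company;</doc>')

# Constructed test input in the nested-entity style: each level references
# the previous one ten times, so lol4 alone would expand to 30,000 characters.
BOMB = (b'<?xml version="1.0"?><!DOCTYPE doc [\n'
        b'<!ENTITY lol "lol">\n'
        b'<!ENTITY lol1 "' + b'&lol;' * 10 + b'">\n'
        b'<!ENTITY lol2 "' + b'&lol1;' * 10 + b'">\n'
        b'<!ENTITY lol3 "' + b'&lol2;' * 10 + b'">\n'
        b'<!ENTITY lol4 "' + b'&lol3;' * 10 + b'">\n'
        b']><doc>&lol4;</doc>')


if __name__ == "__main__":
    print("benign, largest entity:", check_entity_expansion(BENIGN))
    try:
        check_entity_expansion(BOMB)
    except XmlBombError as err:
        print("rejected:", err)
```

Because the size estimate is computed from the declaration alone, the rejection happens while expat is still inside the DTD; the parser never allocates the expanded text. In practice you would wrap your real parsing call (for example `xml.etree.ElementTree.fromstring`) behind this check, or simply refuse any document that declares entities at all if your application never needs them.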