XML Injection is a method of attacking an XML application or service in order to modify or compromise its logic. Injecting undesired XML content and/or structures into an XML message can cause the application's intended logic to change.
A malicious XML message can also be used to force recursive entity expansion (or other repetitive processing) that consumes all of the server's resources. The "many laughs" attack (also known as the "billion laughs" attack) is the most common example of this type of attack.
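One way for a service to refuse such messages before any entity is expanded, shown as an added example that is not part of the original page: a pre-scan with Python's standard-library expat bindings that rejects any document declaring its own entities. The helper name `parse_untrusted`, the exception class and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class EntitiesForbidden(ValueError):
    """Raised when untrusted XML declares its own entities."""


def _reject_entity(name, is_parameter_entity, value, base,
                   system_id, public_id, notation_name):
    # expat calls this handler for every <!ENTITY ...> declaration in the DTD.
    # Declarations are read before the document body, so raising here stops
    # the parse before any entity reference has been expanded.
    raise EntitiesForbidden(f"entity declaration not allowed: {name!r}")


def parse_untrusted(data: bytes) -> ET.Element:
    """Hypothetical helper: parse XML only if it declares no entities."""
    scanner = expat.ParserCreate()
    scanner.EntityDeclHandler = _reject_entity
    scanner.Parse(data, True)   # raises EntitiesForbidden or expat.ExpatError
    return ET.fromstring(data)  # reached only when the pre-scan passed


# Constructed sample: an ordinary message with no DTD.
BENIGN = b'<order><item qty="2">widget</item></order>'

# Constructed sample: entities defined in terms of each other, the structure
# that recursive-expansion attacks rely on (kept tiny here).
NESTED = b'''<?xml version="1.0"?>
<!DOCTYPE order [
  <!ENTITY a "ha">
  <!ENTITY b "&a;&a;">
  <!ENTITY c "&b;&b;">
]>
<order><item>&c;</item></order>'''

if __name__ == "__main__":
    print(parse_untrusted(BENIGN).find("item").text)
    try:
        parse_untrusted(NESTED)
    except EntitiesForbidden as exc:
        print("rejected:", exc)
```

The five predefined entities such as `&amp;` need no declaration, so ordinary messages that use them still parse.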
XML is one of the most extensively used formats for exchanging structured data today, both locally and across networks: between programmes, between people, and between computers and people. If you've worked with HTML before, you'll see that XML is pretty similar.
XML is a human-readable format rather than a machine-only one. Even novices can read and understand XML, and it is no more difficult to write than HTML.
XML is 100% portable and fully compatible with Java™. Your data can be used by any application that can parse XML, regardless of platform.
XML can be extended.
HTML and XML differ in that HTML displays data and describes the structure of a webpage, while XML stores and transfers data. HTML is a predefined language with its own fixed semantics, whereas XML is a standard language that can be used to define additional computer languages.