Enable DTD processing in Open XML SDK

  • Question

  • Hello,

    I'm trying to create an application vulnerable to XXE attacks (for training purposes). How can I enable DTD processing in OpenXmlReader and use it for opening Open XML documents?

    I am able to parse XML files containing a DTD by creating an XmlReader instance with specific XmlReaderSettings, but it seems that OpenXmlReader does not let you define such things.


    • Edited by Kolejarz Monday, September 3, 2018 12:53 PM
    Monday, September 3, 2018 12:53 PM

All replies

  • Hi Kolejarz,

    Please check if the following link works for you: CA3075: Insecure DTD Processing 

    Best Regards,

    Yuki


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread.

    Tuesday, September 4, 2018 8:15 AM
    Moderator
  • Hi Yuki,

    I don't want to suppress the warning about DTD processing - I wanted to make a vulnerable application using the Open XML SDK.

    Anyway, I've contacted developers responsible for SDK and currently there is no way to provide your own XmlReader instance to use for deserialization. You have to use other APIs to achieve that.

    Tuesday, September 4, 2018 1:00 PM
  • Hi Kolejarz,

    Thank you for taking the time to provide us with your valuable feedback. Also, if you have any questions or updates, please feel free to let me know.

    I wish you a happy life.

    Best Regards,

    Yuki





    Wednesday, September 5, 2018 3:03 AM
    Moderator
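
The XmlReaderSettings behaviour mentioned in the question, shown as an added example that is not part of the original thread or of the Open XML SDK: the same document read with DTD processing prohibited and with it enabled for a lab. The class name and the sample document are constructed for illustration, and the entity is internal only.

```csharp
using System;
using System.IO;
using System.Xml;

static class DtdSettingsDemo
{
    // Constructed sample: an internal DTD subset with one internal entity.
    // It contains no SYSTEM or PUBLIC identifiers, so nothing external is referenced.
    const string Sample =
        "<?xml version=\"1.0\"?>" +
        "<!DOCTYPE note [ <!ENTITY who \"training\"> ]>" +
        "<note>&who;</note>";

    // Reads the text of the root element, or reports why the reader refused the input.
    static string Read(XmlReaderSettings settings)
    {
        using (var reader = XmlReader.Create(new StringReader(Sample), settings))
        {
            try
            {
                reader.MoveToContent();               // the DOCTYPE is met here
                return reader.ReadElementContentAsString();
            }
            catch (XmlException ex)
            {
                return "rejected: " + ex.Message;
            }
        }
    }

    static void Main()
    {
        // Hardened: any DOCTYPE raises XmlException, and no resolver is available.
        var hardened = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,
            XmlResolver = null
        };

        // Lab setting: the DTD is parsed and internal entities are expanded.
        // XmlResolver stays null so external DTDs and entities are not fetched,
        // and MaxCharactersFromEntities caps how far expansion can grow.
        var lab = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Parse,
            XmlResolver = null,
            MaxCharactersFromEntities = 1024
        };

        Console.WriteLine("Prohibit: " + Read(hardened));
        Console.WriteLine("Parse:    " + Read(lab));
    }
}
```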