The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. A core feature of XML is the ability to define and validate document structure using schemas and document type definitions (DTDs). When used incorrectly, certain aspects of these document definition and validation features can lead to security vulnerabilities in applications that use XML. This document attempts to provide an up to date reference on these attacks, enumerating all publicly known techniques applicable to the most popular XML parsers in use while exploring a few novel attacks as well.
You can download it from the following link: https://packetstormsecurity.com/files/download/126764/XMLDTDEntityAttacks.pdf
Source: https://packetstormsecurity.com/files/126764/XML-Schema-DTD-And-Entity-Attacks.html