<% include ../partials/ruleInfo.ejs %>

The following XML snippet is crafted to exploit SAX parsers that are configured to allow for external entity processing. If successful, the exploit will instruct the parser to read the /etc/passwd file from the server's file system.

<% sinkData.forEach(function(sink) { %>

`<%= sink.name %>`

<% }); %> <% include ../partials/safeButtons %>

<%= name %>

<%= sink.name %>

`<%= sink.name %>`