In the section above, notice that
dtd_section_config/template.xml contains a reference to "
xsd_section_config/template.xml contains a reference to "http://www.xmlmind.com/xsd/section.xsd". Well, these files do not exist! Anyway, as explained in "XML Entity and URI Resolvers", even a real reference to a schema file would have ended up posing interchange problems.
Nevertheless, thanks to the XML catalogs found in the configuration directories, XXE has no problem loading the local copy of section.dtd and the local copy of
dtd_section_config/catalog.xml (configuration based on DTD):
<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog"
         prefer="public">
  <public publicId="-//XMLmind//DTD Simple Section//EN"
          uri="section.dtd"/>
</catalog>
The above catalog associates the public DTD ID "-//XMLmind//DTD Simple Section//EN" referenced in a document instance with the local copy section.dtd (local because its URI is relative to
xsd_section_config/catalog.xml (configuration based on XML Schema):
<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
  <uri name="http://www.xmlmind.com/xsd/section.xsd"
       uri="section.xsd"/>
</catalog>
The above catalog associates the absolute URI "http://www.xmlmind.com/xsd/section.xsd" referenced in a document instance with the local copy section.xsd (local because its URI is relative to
Note that, in the case of the configuration based on RELAX NG, because a document instance never directly references its schema, there is no need for an XML catalog.
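How a resolver can apply the two catalogs above, as an added example that is not XXE's own code: it maps a public ID or a schema URI to the local copy next to the catalog file and raises an error instead of fetching anything remotely when no entry matches. The install paths, the default for a missing prefer attribute and the function names are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

NS = "{urn:oasis:names:tc:entity:xmlns:xml:catalog}"

# The two catalogs shown above, embedded so the example runs offline.
DTD_CATALOG = """<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog" prefer="public">
  <public publicId="-//XMLmind//DTD Simple Section//EN" uri="section.dtd"/>
</catalog>"""
XSD_CATALOG = """<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
  <uri name="http://www.xmlmind.com/xsd/section.xsd" uri="section.xsd"/>
</catalog>"""

def normalize(public_id):
    # Public IDs are compared after trimming and collapsing whitespace.
    return " ".join(public_id.split())

def load(text, catalog_url):
    """Parse one catalog; relative uri= values resolve against the catalog file."""
    root = ET.fromstring(text)
    # Assumption: a catalog without prefer= behaves as prefer="public".
    cat = {"prefer": root.get("prefer", "public"), "public": {}, "uri": {}}
    for el in root:
        target = urljoin(catalog_url, el.get("uri", ""))
        if el.tag == NS + "public":
            cat["public"][normalize(el.get("publicId"))] = target
        elif el.tag == NS + "uri":
            cat["uri"][el.get("name")] = target
    return cat

def resolve(catalogs, public_id=None, system_id=None, uri=None):
    """Return the local copy for a reference; never fall back to the network."""
    for cat in catalogs:
        # prefer="system": ignore <public> entries when a system ID was given.
        use_public = public_id and (cat["prefer"] == "public" or system_id is None)
        if use_public and normalize(public_id) in cat["public"]:
            return cat["public"][normalize(public_id)]
        if uri in cat["uri"]:
            return cat["uri"][uri]
    raise LookupError(f"no catalog entry for {public_id or uri!r}; not fetching")

# Hypothetical install locations of the two configuration directories.
CATALOGS = [
    load(DTD_CATALOG, "file:///opt/xxe/addon/dtd_section_config/catalog.xml"),
    load(XSD_CATALOG, "file:///opt/xxe/addon/xsd_section_config/catalog.xml"),
]

if __name__ == "__main__":
    print(resolve(CATALOGS, uri="http://www.xmlmind.com/xsd/section.xsd"))
```

Failing closed on an unmatched reference is what keeps document loading independent of remote hosts: a document pointing at an unlisted DTD or schema produces an error rather than an outbound request.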
For XXE to discover and load an XML catalog, the file containing it must have a name ending with string "