https://dl.packetstormsecurity.net/papers/general/xml-external-entity-injection---explanation-and-exploitation.pdf