nipotan/gist:135048

## gistfile1.pl
#!perl
use strict;
use XML::Simple;
use Data::Dumper;

my $xml = do { local $/ = undef; <DATA> };
my @entities = $xml =~ /<!ENTITY\s+(\w+)\s+.+?>/sg;
my $entities_re = '&(?:' . join('|', @entities) . ');';
$xml =~ s/$entities_re//g;

my $ref = XMLin($xml);
warn Dumper $ref;

__DATA__
<?xml version="1.0"?>
<!DOCTYPE str [
<!ENTITY pass SYSTEM "/etc/passwd">
]>
<str><data1>&pass;</data1><data2></data2></str>
	#!perl
	use strict;
	use XML::Simple;
	use Data::Dumper;

	my $xml = do { local $/ = undef; <DATA> };
	my @entities = $xml =~ /<!ENTITY\s+(\w+)\s+.+?>/sg;
	my $entities_re = '&(?:' . join('\|', @entities) . ');';
	$xml =~ s/$entities_re//g;

	my $ref = XMLin($xml);
	warn Dumper $ref;

	__DATA__
	<?xml version="1.0"?>
	<!DOCTYPE str [
	<!ENTITY pass SYSTEM "/etc/passwd">
	]>
	<str><data1>&pass;</data1><data2></data2></str>