Skip to content

🎉 Welcome! Enjoy your reading, and I hope you will learn something new.

N£utr0nys Notes Blog About

Archives
Glossary
Experiences
My CV

CTRL K

CTRL K

Notes
Blog
- FCSC 2026 - Crypto Write-Ups
- A new journey
About
More
More
About Me
Archives

Binary Exploitation
Cryptography
CTF Archives
Forensics
Hardware
OSINT
Reverse Engineering
Science
Steganography
System
Web Exploitation
More
About Me
Archives

On this page

Challenges
Resources

View this page on GitHub →

Web Exploitation

XML external entity

XML external entity (XXE)

Challenges

Exploiting XXE to retrieve files
Exploiting XXE to perform SSRF
Blind XXE with out-of-band interaction
Blind XXE with out-of-band interaction using parameter entities
Blind XXE with out-of-band exfiltration
Blind XXE with data retrieval via error messages
XInclude attack
XXE via file upload
Blind XXE: Trigger error message by repurposing local DTD

Resources

What is XXE (XML external entity) injection? Tutorial & Examples | Web Security Academy
PayloadsAllTheThings/XXE Injection

Last updated on May 12, 2026

WebSocket XS Leaks

Powered by Hextra

© 2026 N£utr0nys