XXE Cheatsheet – XML External Entity Injection
All the fun of the post on XML External Entities (XXE) but less wordy!

An internal entity:

<?xml version="1.0" ?>
<!DOCTYPE replace [<!ENTITY example "Doe"> ]>
<userInfo>
  <firstName>John</firstName>
  <lastName>&example;</lastName>
</userInfo>
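An added example, not part of the original post: Python's standard-library parser expands the internal entity above by default, and a pre-parse guard built on expat's declaration handlers can refuse any document that carries a DOCTYPE or entity declaration. The names `parse_strict`, `ForbiddenXML` and `allow_dtd` are hypothetical, and `PLAIN` is a constructed sample.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# The internal-entity document from the cheatsheet above.
DOC = b"""<?xml version="1.0" ?>
<!DOCTYPE replace [<!ENTITY example "Doe"> ]>
<userInfo>
  <firstName>John</firstName>
  <lastName>&example;</lastName>
</userInfo>"""

# Constructed sample: the same data with no DTD at all.
PLAIN = (b"<userInfo><firstName>John</firstName>"
         b"<lastName>Doe</lastName></userInfo>")


class ForbiddenXML(ValueError):
    """Raised when input declares a DOCTYPE or an entity (hypothetical name)."""


def expanded_last_name(data):
    # Default behaviour: expat substitutes &example; with its declared value.
    return ET.fromstring(data).findtext("lastName")


def parse_strict(data, allow_dtd=False):
    """Parse XML only after a guard pass has seen no forbidden declarations.

    allow_dtd=False rejects any DOCTYPE; allow_dtd=True tolerates a DOCTYPE
    but still rejects every <!ENTITY ...> declaration inside it.
    """
    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML(f"DOCTYPE {name!r} is not allowed")

    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML(f"entity declaration {name!r} is not allowed")

    guard = expat.ParserCreate()
    if not allow_dtd:
        guard.StartDoctypeDeclHandler = forbid_doctype
    guard.EntityDeclHandler = forbid_entity
    guard.Parse(data, True)      # handler exceptions propagate to the caller
    return ET.fromstring(data)   # reached only for documents that passed
```

Applications that never need DTDs should keep `allow_dtd=False`, since a rejected DOCTYPE also rules out every entity declared inside it.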