🎯 XML External Entity (XXE) Injection Payload List

This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF rules / Secure Configuration settings.

The PHP sandbox environment is a Docker-based tool for testing XML processing code, with XXE vulnerabilities demonstrated and security considerations explained.

Want to keep your Web application from getting hacked? Here's how to get serious about secure apps. So let's do it! Open Friday, Aug 2016 - Presentation Notes.

A service which is vulnerable to XML External Entity (XXE) attacks.

Oracle CTF Web XML Entity Exploit

XXE Testing Page