This repository contains various XXE labs set up for different languages and their different parsers. This may alternatively serve as a playground to teach or test with Vulnerability scanners / WAF rules / Secure Configuration settings.

The PHP sandbox environment is a Docker-based tool for testing XML processing code, with XXE vulnerabilities demonstrated and security considerations explained.

Want to keep your Web application from getting hacked? Here's how to get serious about secure apps. So let's do it! Open Friday, Aug 2016 - Presentation Notes.

A service which is vulnerable to XML External Entity (XXE) attacks.

Oracle CTF Web XML Entity Exploit

A comprehensive guide to XML External Entity injection vulnerabilities. Learn how attackers exploit XXE, and how to defend your applications with secure XML parsing configurations.