This is a comprehensive XML external entity (XXE) exploitation playbook that covers far more than the basic file-read examples most security guides stop at. It walks through out-of-band exfiltration techniques, which are critical when servers parse XML but don't reflect entity content back to you. You get practical attack chains like converting JSON endpoints to XML parsers, injecting entities into Office documents and SVG files, and pivoting from XXE to SSRF against internal services. The protocol handler section covers PHP wrappers, gopher for Redis exploitation, and base64 encoding to handle binary files. If you're testing XML parsers in any context, including SOAP endpoints, file upload flows, or PDF generators, this gives you the full toolkit with real CVE-based scenarios.
npx skills add https://github.com/yaklang/hack-skills --skill xxe-xml-external-entity