Learn XXE the way it's actually exploited — hands-on, against a live target. Read server-side files and pivot into internal-only services through a single vulnerable XML parser in the LedgerFlow lab.
XML External Entity injection is a vulnerability that arises when an application parses XML input and the parser is allowed to resolve external entities — references inside the XML document that point at resources outside it. When an attacker controls that XML, they can make the server fetch and disclose local files, reach services that are only reachable from inside the network, or exhaust resources with a denial-of-service payload.
XXE is deceptively common because the sink is invisible unless you know to look for it. Any endpoint that accepts XML — a SOAP API, a document importer, a file-upload flow that unpacks XML under the hood, a feed parser — is a candidate. The bug almost always comes down to a parser configured to trust the document it's given.
An external entity can reference a path on the server's own filesystem. When the parser resolves it, the file's contents are pulled into the document — exposing configuration, credentials, or source code that was never meant to leave the box.
The same mechanism can point at an internal URL instead of a file. The server dutifully fetches it, letting an attacker reach admin panels, metadata endpoints, and microservices that return 403 to the outside world — turning an XML bug into a network pivot.
XXE was its own category — A4 — in the OWASP Top 10 2017. In the 2021 revision it was consolidated into A05:2021 – Security Misconfiguration, reflecting that the root cause is an insecure parser configuration rather than a flaw in XML itself. The impact classes below are what make it a high-severity finding.
| Impact | What the attacker gains | Severity |
|---|---|---|
| File disclosure | Read arbitrary server-side files | High |
| SSRF | Reach internal-only network services | High |
| Denial of service | Exhaust memory via recursive entities | Medium |
| Data exfiltration | Blind out-of-band retrieval of file contents | High |
The core lesson of Room 9 is that automation and human judgment are a pipeline, not a competition. An autonomous scan maps the attack surface in minutes — the exposed paths, the forbidden endpoints, the open ports. But XXE is interaction-based: it only reveals itself when you submit a crafted document and watch how the server responds. That's the gap a human closes.
In the lab, you run a real PhantomRed scan against LedgerFlow, read the findings it surfaces, then take over manually to prove the XXE the scanner can't see:
This is the same progression Room 8 introduced with a dedicated SSRF lab — and XXE is where the two classes chain together, since an external entity can drive the SSRF itself.
The LedgerFlow lab is live and free to play. Run a real autonomous scan, then exploit the XXE the scanner can't see — file read and SSRF pivot, end to end.