Injection Lab
XXE Playground
Lab Progress0%
Level 1: Local File Disclosure
XML External Entity (XXE) vulnerabilities occur when an XML parser processes external entities within a DTD. This can be weaponized to read local files.
Objective
Read the contents of /etc/passwd using an external entity.
Educational Purpose Only — Practice only on systems you own or have explicit written permission to test.