https://lab.wallarm.com/xxe-that-can-bypass-waf-protection-98f679452ce0/

https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XXE%20Injection

https://hackerone.com/reports/347139

https://mohemiv.com/all/evil-xml/

https://github.com/BuffaloWill/oxml_xxe

https://gosecure.github.io/xxe-workshop/#0

https://www.netspi.com/blog/technical/web-application-penetration-testing/playing-content-type-xxe-json-endpoints/

https://book.hacktricks.xyz/pentesting-web/xxe-xee-xml-external-entity

https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XXE%20Injection