Detecting and exploiting an XXE

The general process for detecting this kind of vulnerability is as follows:

  • If it's possible, download an XML document generated by the application so you know the structure. If not, create a simple template, like this:
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <!DOCTYPE foo [
    <!ELEMENT foo ANY >
    <!ENTITY xxe SYSTEM "file:///etc/passwd" >
    ]>
    <foo>&xxe;</foo>
  • See if it's possible to add a reference to a resource. A trick commonly used by attackers is to make the parser fetch a resource from a server they control, so the request shows up in that server's access log; the captured entry looks something like this:
    GET 144.76.194.66 /XXE/ 10/29/15 1:02 PM Java/1.7.0_51
  • If it's not possible to add an external reference but you receive an error, modify the request and submit a pair of tags to test with, such as:
    <cosa></cosa>

If the error disappears, the parser is accepting the tags as valid, so it might be vulnerable.

  • You can also try entering data before or between the tags. The input needs to be valid for the parser, and sometimes the parser is waiting for a value:
    Foo</cosa>
    Foo</cosa></cosas>
  • If this still produces no errors, try to create a reference to a resource, internal or external, and look at the result.
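The defensive counterpart of the steps above, as an added example that is not part of the book: a pre-parse gate built only on Python's standard-library expat bindings that records what a submitted document declares and rejects anything carrying a DOCTYPE, so the template from the first step is flagged for its external entity while the plain <cosa></cosa> probe passes. The function names inspect_xml and is_safe and the sample inputs are my own constructions.

```python
import xml.parsers.expat


def inspect_xml(data: bytes) -> dict:
    """Record every DOCTYPE and entity declaration a document carries.

    Only expat's declaration callbacks are used; no ExternalEntityRefHandler
    is installed and parameter-entity parsing stays at its default (never),
    so nothing is fetched from the system identifiers reported here.
    """
    report = {"doctype": None, "entities": [], "external": [], "error": None}
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        report["doctype"] = name
        if sysid:  # external DTD, e.g. <!DOCTYPE foo SYSTEM "...">
            report["external"].append(sysid)

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        report["entities"].append(name)
        if sysid:  # external entity: the XXE primitive the text describes
            report["external"].append(sysid)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        report["error"] = str(exc)
    return report


def is_safe(data: bytes) -> bool:
    """Gate policy: accept only well-formed XML that declares no DOCTYPE."""
    r = inspect_xml(data)
    return r["error"] is None and r["doctype"] is None and not r["entities"]


# Constructed inputs: the template from the text, a benign probe, a broken one.
XXE_TEMPLATE = b"""<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >
]>
<foo>&xxe;</foo>"""
BENIGN = b"<cosa></cosa>"
MALFORMED = b"Foo</cosa>"

if __name__ == "__main__":
    for label, doc in [("template", XXE_TEMPLATE), ("benign", BENIGN), ("malformed", MALFORMED)]:
        print(label, inspect_xml(doc), "accepted" if is_safe(doc) else "rejected")
```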
