XML is a format mainly used to describe the structure of documents or data; HTML, for example, is a use of XML.

XML entities are like data structures defined inside an XML structure, and some of them have the ability to read files from the system or even execute commands.

In this recipe, we will exploit an XML External Entity (XEE) injection vulnerability to read files from the server and remotely execute code in it.