## Apprentice Level - ✅ [[1. Exploiting XXE using external entities to retrieve files]] - ✅ [[2. Exploiting XXE to perform SSRF attacks]] ## Practitioner Level - ✅ [[3. Blind XXE with out-of-band interaction]] - ✅ [[4. Blind XXE with out-of-band interaction via XML parameter entities]] - ✅ [[5. Exploiting blind XXE to exfiltrate data using a malicious external DTD]] - ✅ [[6. Exploiting blind XXE to retrieve data via error messages]] - ✅ [[7. Exploiting XInclude to retrieve files]] - ✅ [[8. Exploiting XXE via image file upload]] ## Expert Level - ✅ [[9. Exploiting XXE to retrieve data by repurposing a local DTD]]