# XXE Injection

- [Lab: Exploiting XXE using external entities to retrieve files](/web-security-academy-solutions/server-side-topics/xxe-injection/lab-exploiting-xxe-using-external-entities-to-retrieve-files.md)
- [Lab: Exploiting XXE to perform SSRF attacks](/web-security-academy-solutions/server-side-topics/xxe-injection/lab-exploiting-xxe-to-perform-ssrf-attacks.md)
- [Lab: Blind XXE with out of band interaction](/web-security-academy-solutions/server-side-topics/xxe-injection/lab-blind-xxe-with-out-of-band-interaction.md)
- [Lab: Blind XXE with out of band interaction via XML parameter entities](/web-security-academy-solutions/server-side-topics/xxe-injection/lab-blind-xxe-with-out-of-band-interaction-via-xml-parameter-entities.md)
- [Lab: Exploiting blind XXE to exfiltrate data using a malicious external DTD](/web-security-academy-solutions/server-side-topics/xxe-injection/lab-exploiting-blind-xxe-to-exfiltrate-data-using-a-malicious-external-dtd.md)
- [Lab: Exploiting blind XXE to retrieve data via error messages](/web-security-academy-solutions/server-side-topics/xxe-injection/lab-exploiting-blind-xxe-to-retrieve-data-via-error-messages.md)
- [Lab: Exploiting XInclude to retrieve files](/web-security-academy-solutions/server-side-topics/xxe-injection/lab-exploiting-xinclude-to-retrieve-files.md)
- [Lab: Exploiting XXE via image file upload](/web-security-academy-solutions/server-side-topics/xxe-injection/lab-exploiting-xxe-via-image-file-upload.md)
- [Lab: Exploiting XXE to retrieve data by repurposing a local DTD](/web-security-academy-solutions/server-side-topics/xxe-injection/lab-exploiting-xxe-to-retrieve-data-by-repurposing-a-local-dtd.md)