# XML external entity (XXE) injection

- [¿XML external entity?](/web/xml-external-entity-xxe-injection/xml-external-entity.md)
- [Lab 1: Exploiting XXE using external entities to retrieve files](/web/xml-external-entity-xxe-injection/lab-1-exploiting-xxe-using-external-entities-to-retrieve-files.md): https://portswigger.net/web-security/xxe/lab-exploiting-xxe-to-retrieve-files
- [Lab 2: Exploiting XXE to perform SSRF attacks](/web/xml-external-entity-xxe-injection/lab-2-exploiting-xxe-to-perform-ssrf-attacks.md): https://portswigger.net/web-security/xxe/lab-exploiting-xxe-to-perform-ssrf
- [Lab 3: Blind XXE with out-of-band interaction](/web/xml-external-entity-xxe-injection/lab-3-blind-xxe-with-out-of-band-interaction.md): https://portswigger.net/web-security/xxe/blind/lab-xxe-with-out-of-band-interaction