New XML technique! Encode any DTD/XML inside an internal entity, and fly under WAF radars!

💥 XXE WAF Bypass
💥 Works when there is no XXE, but there is a vuln in the XML body, e.g. SQL Injection

#ptswarmTechniques https://t.co/szO26kwcZj