New XML technique! Encode any DTD/XML inside an internal entity, and fly under WAF radars!

? XXE WAF Bypass
? Works when there is no XXE, but there is a vuln in the XML body, e.g. SQL Injection

#ptswarmTechniques https://t.co/szO26kwcZj