- manual: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection
- payload: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Command%20Injection/Intruder/command-execution-unix.txt
- manual: https://portswigger.net/web-security/xxe
- manual: https://book.hacktricks.xyz/pentesting-web/xxe-xee-xml-external-entity
- manual: https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/XML_Security_Cheat_Sheet.md
- manual: https://media.blackhat.com/eu-13/briefings/Osipov/bh-eu-13-XML-data-osipov-slides.pdf