External entity injection (also known as "XXE") attacks allow you to read files from the host with the permissions of the XML parser, as well as using the XML parser as a sort of proxy to do internal reconnaissance and even internal attacks.
Your objective is to read /etc/passwd or c:\boot.ini using an XXE attack.
PARAMETERS:
Injection Type - Header Value
Sanitization - None
Output - All results, verbose errors, xml shown