DOCX XXE Injector

Injects XML External Entity (XXE) payloads into DOCX files to test for XXE vulnerabilities in Word document parsers.

Which XML file inside the DOCX archive to replace with your payload.

Complete XML content for the target file. This replaces the entire content of the selected injection point.

Drag & drop your file here, or

About this tool

Injects XML External Entity (XXE) payloads into DOCX files to test for XXE vulnerabilities in Word document parsers.

Read documentation →