XXE full name is XML External Entry. XXE basically XML injection is vulnerability that occurs when a input is concatenated with XML code. Also, changes of the application XML code becomes possible by the attacker

XXEinjector is a open source ruby based tool. The tool has retrieving files using direct and out of band methods. Directory listing functionality only works in Java apps and brute force method.