XXEinjector is a tool that automates the process of exploiting a security error consisting in the ability to inject external entities into xml files (XML eXternal Entity). It allows, among other things, downloading and uploading files directly and using an intermediary server, enumering files and directories, or enumering un filtred ports.
Tool download from XXEinjector