XML External Entities

And now Mal has a foot in the door. He is able to read sensitive data files on the server, and it is likely only a matter of time before he figures out how to smuggle code up there and escalate his attacks.
The hacker victorious.
/etc/shadow
root:Qkc6M$6$9K3Exh$PTpXh×5mmAVmC 
admin:$1$3.9г4eV$3nHTS5X7CJOYv9
daemon:*:18642:0:99999:7
bin:*:18642:0:99999:7
sys:*:18642:0:99999:7
sync:*:18642:0:99999:7