RedTeam3.Web-Hacking4.InjectionXXECommands5.xxe Xinclude Try changing format from json to XML try adding entity inside a normal parameter EX: ?id=%26entity;&pass=123 (GET or POST) 4.xxe File UploadCommands