All the fun of the post on XML External Entities (XXE) but less wordy!
<!--?xml version="1.0" ?--> <!DOCTYPE replace [<!ENTITY example "Doe"> ]> <userInfo> <firstName>John</firstName> <lastName>&example;</lastName> </userInfo>
Continue reading: XXE Cheatsheet – XML External Entity Injection