XML External Entity (XXE) Processing which can be more read about HERE is an awesome web application attack vector. Beyond the Seclists XXE Payloads (That link is one example of what’s available in SecLists). Beyond PayloadAllTheThings XXE Payloads. Beyond even FuzzDB XXE Payloads!
Here is a great introduction and resource for a 3+ course on XXE! Great for an introduction or review!
Check it out HERE!