Because of the XML schema used by the vulnerable component, generally only plaintext results can be retrieved; anything marked up using XML, HTML, or similar languages will fail to load via XXE.

This module makes use of Solr's intended functionality (storing documents in a search index), so it is the most likely to go unnoticed. It may generate server-side error log messages if an attempt is made to retrieve files that contain XML. Because it must store content in the database and then retrieve it, it is noticeably slower than the CVE-2013-6407-DARH and CVE-2013-6407-URH-NMVF modules.

Because documents are actually being inserted and then deleted, this module may generate a warning indicating that the document used for the XXE attack was not deleted, even though it was (because the delete operation had not completed when the test was performed).

See the Solr documentation and the CVE-2013-6407-DARH module documentation for more technical details.
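
Because the insert looks like ordinary indexing traffic, a content check on the update body is more useful to a defender than request-rate or path-based alerts. The following is an added example, not part of this module or of Solr: it assumes the insert arrives as a Solr XML update message (`<add><doc>...`) and flags any DOCTYPE or entity declaration, which such messages normally do not need. The function name and both sample bodies are constructed for illustration.

```python
import xml.parsers.expat

# Constructed sample bodies (not captured traffic). The file URL is a placeholder.
SUSPECT = b"""<?xml version="1.0"?>
<!DOCTYPE add [<!ENTITY x SYSTEM "file:///placeholder/path">]>
<add><doc><field name="id">constructed-1</field>
<field name="text">&x;</field></doc></add>"""

CLEAN = b"""<add><doc><field name="id">constructed-2</field>
<field name="text">hello</field></doc></add>"""


def inspect_update(body: bytes) -> list:
    """Return reasons to reject an XML update body; an empty list means clean.

    expat reports declarations through callbacks and, with no external-entity
    handler installed, never fetches the referenced resource itself.
    """
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(f"DOCTYPE declared for <{name}>")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None:
            findings.append(f"external entity {name!r} -> {system_id}")
        else:
            findings.append(f"internal entity {name!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(body, True)
    except xml.parsers.expat.ExpatError as exc:
        # Malformed bodies are rejected too rather than passed to the indexer.
        findings.append(f"not well-formed: {exc}")
    return findings


if __name__ == "__main__":
    for label, body in (("suspect", SUSPECT), ("clean", CLEAN)):
        print(label, inspect_update(body))
```

Run as a proxy-side or pre-index filter, this rejects the request before Solr's own parser sees it; it complements upgrading to a Solr release that fixes CVE-2013-6407 and does not replace it.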

