Because of the XML schema used by the vulnerable component, generally only plaintext results can be retrieved - anything which is marked up using XML, HTML, or other similar languages will fail to load via XXE.

This module does not successfully insert data into the database (unlike the Document Insert module for the same vulnerability - CVE-2013-6407-URH-DI), but will cause errors to be logged with every request, and these errors may be noticed by attentive administrators. It is much faster than the CVE-2013-6407-URH-DI module, and roughly the same speed as the CVE-2013-6407-DARH module.

See the Solr documentation and the CVE-2013-6407-DARH module documentation for more technical details.

