Whitepaper that discusses XXE exploitation via file uploads.
You can download it from the following link: https://packetstormsecurity.com/files/download/161963/exploiting-xxe-via-file-upload.pdf
Source: https://packetstormsecurity.com/files/161963/Exploiting-XXE-Via-File-Uploads.html