Lab link.
This lab has a “Check stock” feature that parses XML input but does not display the result.
To solve the lab, use an external DTD to trigger an error message that displays the contents of the
/etc/passwd
file.The lab contains a link to an exploit server on a different domain where you can host your malicious DTD.
As in the previous lab, this time we will trigger the vulnerability using an error message.
Necessary arrangements are made in POST Request.
Hello, I am Aleyna Doğan. I work as a Sr. Cyber Threat Intelligence Analyst. In my blog, we write blog posts that my friends and I want to share. Have a good read.