Lab link.
This lab has a “Check stock” feature that parses XML input but does not display the result.
To solve the lab, use an external DTD to trigger an error message that displays the contents of the
/etc/passwdfile.The lab contains a link to an exploit server on a different domain where you can host your malicious DTD.
As in the previous lab, this time we will trigger the vulnerability using an error message.
Necessary arrangements are made in POST Request.
