Notice: _load_textdomain_just_in_time işlevi yanlış çağrıldı. Translation loading for the perfect-portfolio domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Ayrıntılı bilgi almak için lütfen WordPress hata ayıklama bölümüne bakın. (Bu ileti 6.7.0 sürümünde eklendi.) in /home/margheri/public_html/wp-includes/functions.php on line 6121
Portswigger: Exploiting XInclude to retrieve files Writeup - Aleyna Doğan

Portswigger: Exploiting XInclude to retrieve files Writeup

updated on 25 Mart 202425 Mart 2024By Aleyna Doğan

Lab link.

This lab has a “Check stock” feature that embeds the user input inside a server-side XML document that is subsequently parsed.

Because you don’t control the entire XML document you can’t define a DTD to launch a classic XXE attack.

To solve the lab, inject an XInclude statement to retrieve the contents of the /etc/passwd file.

XInclude is a specification for creating sub-documents in an XML document. If the system allows it, we can read the file.

<foo xmlns:xi="http://www.w3.org/2001/XInclude"><xi:include parse="text" href="file:///etc/passwd"/></foo>

More Lab

Tags :Portswigger Lab writeup XInclude

Bir yanıt yazın Yanıtı iptal et