Blind XXE arşivleri - Aleyna Doğan

Showing 3 Result(s)

Portswigger: Exploiting blind XXE to retrieve data via error messages Writeup

updated on 22 Mart 202422 Mart 2024

Lab link. This lab has a “Check stock” feature that parses XML input but does not display the result. To solve the lab, use an external DTD to trigger an error message that displays the contents of the /etc/passwd file. The lab contains a link to an exploit server on a different domain where you can host …

Portswigger: Exploiting blind XXE to exfiltrate data using a malicious external DTD Writeup

updated on 22 Mart 202422 Mart 2024

Lab link. This lab has a “Check stock” feature that parses XML input but does not display the result. To solve the lab, exfiltrate the contents of the /etc/hostname file. The main goal of the attacker is to leak sensitive data. Blind XXE also involves hosting a malicious DTD to obtain the data and then calling the …

Portswigger: Blind XXE with out-of-band interaction via XML parameter entities Writeup

updated on 22 Mart 202422 Mart 2024

Lab link. This lab has a “Check stock” feature that parses XML input, but does not display any unexpected values, and blocks requests containing regular external entities. To solve the lab, use a parameter entity to make the XML parser issue a DNS lookup and HTTP request to Burp Collaborator. In the lab, we first …