Portswigger: Exploiting XXE via image file upload Writeup
Lab link. This lab lets users attach avatars to comments and uses the Apache Batik library to process avatar image files. To solve the lab, upload an image that displays the contents of the /etc/hostname file after processing. Then use the “Submit solution” button to submit the value of the server hostname. In some systems, we need …