Burp Suite Academy: Exploiting XXE using external entities to retrieve files
This lab has a "Check stock" feature that parses XML input and returns any unexpected values in the response.
To solve the lab, inject an XML external entity to retrieve the contents of the /etc/passwd file.
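The lab works because the parser accepts a DOCTYPE and resolves the entities it declares. The following is an added example, not code from the lab or from the original post: a stock-check parser that refuses any DTD or entity declaration before an entity can be expanded. The element names `stockCheck`, `productId` and `storeId`, the function name and both sample bodies are assumptions made for illustration.

```python
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """Raised when a request body carries a DTD or entity declaration."""


def parse_stock_check(xml_bytes):
    """Return the child fields of a stock-check body, rejecting DTDs outright."""
    fields, stack, text = {}, [], []

    def reject(*_args):
        # Fires on <!DOCTYPE ...>, <!ENTITY ...> or an external entity reference.
        raise ForbiddenXML("DTD and entity declarations are not accepted")

    def start(name, _attrs):
        stack.append(name)
        text.clear()

    def end(name):
        if len(stack) == 2:  # direct child of the root element
            fields[name] = "".join(text).strip()
        stack.pop()
        text.clear()

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = reject
    parser.EntityDeclHandler = reject
    parser.ExternalEntityRefHandler = reject
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = text.append
    parser.Parse(xml_bytes, True)  # exceptions raised in handlers propagate
    return fields


# Constructed sample bodies (not captured traffic).
BENIGN = (b'<?xml version="1.0" encoding="UTF-8"?>'
          b'<stockCheck><productId>1</productId><storeId>1</storeId></stockCheck>')
HOSTILE = (b'<?xml version="1.0" encoding="UTF-8"?>'
           b'<!DOCTYPE stockCheck [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>'
           b'<stockCheck><productId>&xxe;</productId><storeId>1</storeId></stockCheck>')

if __name__ == "__main__":
    print(parse_stock_check(BENIGN))
    try:
        parse_stock_check(HOSTILE)
    except ForbiddenXML as exc:
        print("rejected:", exc)
```

Rejecting the DOCTYPE is stricter than only disabling external entity resolution, and it also blocks internal entity expansion tricks that rely on a DTD.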
Checking the req
https://www.rffuste.com/2023/07/24/burp-suite-academy-exploiting-xxe-using-external-entities-to-retrieve-filesburp-suite-academy/
#CTFs #burpSuiteAcademy