11.5 Lab: Exploiting blind XXE to exfiltrate data using a malicious external DTD | 2024
2024-3-4 13:25:15 Author: infosecwriteups.com(查看原文) 阅读量:7 收藏

This lab has a “Check stock” feature that parses XML input but does not display the result.To solve the lab, exfiltrate the contents of the /etc/hostname file | Karthikeyan Nagaraj

Karthikeyan Nagaraj

InfoSec Write-ups

This lab has a “Check stock” feature that parses XML input but does not display the result.To solve the lab, exfiltrate the contents of the /etc/hostname file.

  1. Go to the Exploit server, change the name of file to /exploit.dtd, and paste the code with your Collaborator Link.

2. Now, Click a product, Click Check stock, Capture the request and send it to the repeater.

3. Go to the exploit server, copy the file URL, and paste it in the below Code.

4. Insert the following external entity definition in between the XML declaration and the stockCheck element. Replace the file URL below:

5. Click poll in the Collaborator tab and send the request.

6. After polling, you’ll find a parameter in the HTTP request, Copy and paste that code to solve the Lab.


文章来源: https://infosecwriteups.com/11-5-lab-exploiting-blind-xxe-to-exfiltrate-data-using-a-malicious-external-dtd-2024-a0cc2615cd5e?source=rss----7b722bfd1b8d--bug_bounty
如有侵权请联系:admin#unsafe.sh