webPromedium

XXE filter

web-kids20

Task WEB_d242 from the advanced category. The web application is vulnerable to XXE. The flag is hardcoded in the PHP source code. Need to use XXE in combination with php://filter wrapper to read the source code.

$ ls tags/ techniques/

lfi source_code_disclosure xxe xml php_filter

source_code_leakxxe_php_filterbase64_wrapper

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]XXE read— web-kids20
[web][Pro]file_get_contents SSRF— web-kids20
[web][Pro]Never let go— hackerlab
[web][Pro]B64Decoder— hackerlab
[web][Pro]Lab 140 — Pressboard — XXE via RSS Feed Import— hackadvisor