webProeasy

Lab 145 — RankPulse — XXE via Sitemap XML Parsing

hackadvisor

Task: Java/Spring Boot SEO platform that fetches and parses external XML sitemaps with entity resolution enabled. Solution: XXE injection via malicious sitemap hosted on Interaction Server — external entity reads /root/flag.txt, content appears as discovered URL in audit results.

$ ls tags/ techniques/

file_read java xxe xml decoy_flag spring_boot interaction_server sitemap seo_platform external_entity

xxe_file_readexternal_entity_injectionsitemap_xml_abuseinteraction_server_payload_hosting

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Lab 140 — Pressboard — XXE via RSS Feed Import— hackadvisor
[web][Pro]Lab 84 — PulseView— hackadvisor
[web][Pro]Lab 225 — MailPulse — SSTI in Campaign Template Preview— hackadvisor
[web][Pro]MailPulse— hackadvisor
[web][Pro]Lab 144 — InsightForge — Blind XXE via XML Data Import— hackadvisor