XXE

Introduction

Lets start burp and visit the webpage

Now lets try to display our name on the page

The payload works, now lets try reading the /etc/passwd file

We can read it

Now lets try to read the user falcon's id_rsa file, which is also his private key

We can look at it better in the source code

Last updated 3 years ago

Was this helpful?