XXE
Let's start Burp and visit the webpage.
Now let's try to display our name on the page.
The payload works. Now let's try reading the /etc/passwd file.
We can read it.
Now let's try to read the user falcon's id_rsa file, which is his private key.
It is easier to read in the page source.
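One way to close the hole that the file reads above rely on, as an added example that is not part of the original writeup: refuse any submitted XML that carries a DOCTYPE before it reaches the application's parser. The element names and sample documents are constructed for illustration, and the use of Python is an assumption, since the page does not say what the target application is written in.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class DTDForbidden(ValueError):
    """The submitted document carries a DOCTYPE declaration."""


def _reject_doctype(name, system_id, public_id, has_internal_subset):
    # Entities can only be declared inside a DTD, so refusing the DOCTYPE
    # refuses every internal and external entity along with it.
    raise DTDForbidden(f"DOCTYPE {name!r} rejected")


def parse_untrusted(xml_bytes):
    """Return the root element, or raise DTDForbidden / ET.ParseError."""
    guard = expat.ParserCreate()
    guard.StartDoctypeDeclHandler = _reject_doctype
    try:
        # First pass: expat only, so nothing is resolved or built yet.
        guard.Parse(xml_bytes, True)
    except expat.ExpatError as exc:
        raise ET.ParseError(str(exc)) from exc
    return ET.fromstring(xml_bytes)


# Constructed sample inputs; the element names are hypothetical.
BENIGN = b"<comment><name>falcon</name></comment>"
WITH_DTD = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE comment [<!ENTITY x SYSTEM "file:///etc/passwd">]>'
    b"<comment><name>&x;</name></comment>"
)


def check(xml_bytes):
    """Return the parsed name, or the reason the document was refused."""
    try:
        return parse_untrusted(xml_bytes).findtext("name")
    except DTDForbidden as exc:
        return f"blocked: {exc}"


if __name__ == "__main__":
    print(check(BENIGN))
    print(check(WITH_DTD))
```

Logging each `DTDForbidden` together with the request source also gives the defender a signal that someone is probing the endpoint for XXE.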