XXE
Introduction
eXtensible Markup Language
DTD
XXE Payload
Exploiting
Let's start Burp and visit the webpage.
Now let's try to display our name on the page.
The payload works, now let's try reading the /etc/passwd file.
We can read it.
Now let's try to read the user falcon's id_rsa file, which is also his private key.
We can look at it better in the source code.
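The steps above rely on one parser behaviour: the application's XML parser follows a `SYSTEM` entity declared in the DTD and substitutes the referenced file into the document. The following is an added example, not code from the original page or from the target application: it builds a request of the same shape, parses it with Python's stdlib `xml.sax` parser once with external general entities enabled and once with the default (disabled), and shows a hardened variant that refuses any `DOCTYPE` up front. The `<name>` field, the `build_request` helper and the file path are assumptions constructed for the example; the file content is likewise constructed.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax import handler
from xml.sax.handler import ContentHandler


class NameCollector(ContentHandler):
    """Collects the character data that ends up inside <name>...</name>."""

    def __init__(self):
        super().__init__()
        self._in_name = False
        self._parts = []

    def startElement(self, tag, attrs):
        if tag == "name":
            self._in_name = True

    def endElement(self, tag):
        if tag == "name":
            self._in_name = False

    def characters(self, content):
        # Text substituted from an expanded entity arrives here too.
        if self._in_name:
            self._parts.append(content)

    def collected_name(self):
        return "".join(self._parts).strip()


def parse_name(xml_bytes, resolve_external_entities):
    """Parse the document and return the text of <name>.

    feature_external_ges controls whether SYSTEM entities are fetched and
    expanded. Python disables it by default; a server that turns it on (or
    uses a library that resolves entities by default) is exposed to XXE.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, resolve_external_entities)
    collector = NameCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return collector.collected_name()


def parse_name_hardened(xml_bytes):
    """Defensive variant: reject DOCTYPE entirely, then parse with entities off.

    XML keywords are case-sensitive, so a byte check for "<!DOCTYPE" is enough
    to catch every internal-subset entity definition.
    """
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DOCTYPE declarations are not accepted")
    return parse_name(xml_bytes, resolve_external_entities=False)


def build_request(entity_target):
    # Assumed request shape: a <data> document whose <name> is what the page echoes.
    # The entity points at a local file path chosen for this example.
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE data [ <!ENTITY xxe SYSTEM "%s"> ]>\n'
        "<data><name>&xxe;</name></data>" % entity_target
    ).encode()


def demo():
    """Run the three parser configurations against a constructed secret file."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "secret.txt")
        with open(secret_path, "w") as fh:
            fh.write("constructed-secret-value")  # constructed stand-in for a sensitive file
        xml_doc = build_request(secret_path)

        leaky = parse_name(xml_doc, resolve_external_entities=True)   # file content echoed
        default = parse_name(xml_doc, resolve_external_entities=False)  # entity skipped, empty
        try:
            parse_name_hardened(xml_doc)
            hardened = "accepted"
        except ValueError:
            hardened = "rejected"
        return leaky, default, hardened


if __name__ == "__main__":
    print(demo())
```

Running `demo()` returns `('constructed-secret-value', '', 'rejected')`: the entity-resolving configuration echoes the file, the default configuration silently drops the entity, and the hardened parser refuses the request before any entity is defined. The DOCTYPE rejection is the check to add at the input boundary; relying on a library's default alone is fragile because defaults differ between parsers and versions.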