⌘Ctrlk

Writeups
- Easy Machines
- Walkthroughs: Easy
  CC: Steganography
  Cryptography for Dummies
  Cross-site Scripting
  SQL Injection Lab
  SQL Injection
  ZTH: Web 2
  SSRF
  XXE
  Authenticate
  Injection
  Blaster
  The Cod Caper
  Hardening Basics Part 1
  What the Shell?
  Game Zone
  Upload Vulnerabilities
  Bolt
  Erit Securus 1
  CC: Pentesting
  JavaScript Basics
  OverPass 2 - Hacked
  Linux: Local Enumeration
  Ice
  Linux Backdoors
  Avengers Blog
  DNS in Detail
  Putting it all together
  Kenobi
  Common Linux Privesc
  Network Services 2
  Network Services
  The Hacker Methodology
  The Find command
  HTTP in Detail
  Web Fundamentals
  How Websites Work
  Introductory Networking
- Challenges (CTF): Easy
- 1 Difficulty Rating

Powered by GitBook

TryHackMe
Walkthroughs: Easy

XXE

Introduction

eXtensible Markup Language

DTD

XXE Payload

Exploiting

Lets start burp and visit the webpage

Now lets try to display our name on the page

The payload works, now lets try reading the /etc/passwd file

We can read it

Now lets try to read the user falcon's id_rsa file, which is also his private key

We can look at it better in the source code

PreviousSSRF NextAuthenticate

Last updated 4 years ago

Introduction
eXtensible Markup Language
DTD
XXE Payload
Exploiting