7. Exploiting XInclude to retrieve files

Поделиться
HTML-код
  • Опубликовано: 11 сен 2024
  • Lab: Exploiting XInclude to retrieve files
    PRACTITIONER
    This lab has a "Check stock" feature that embeds the user input inside a server-side XML document that is subsequently parsed.
    Because you don't control the entire XML document you can't define a DTD to launch a classic XXE attack.
    To solve the lab, inject an XInclude statement to retrieve the contents of the /etc/passwd file.
    Hint
    By default, XInclude will try to parse the included document as XML. Since /etc/passwd isn't valid XML, you will need to add an extra attribute to the XInclude directive to change this behavior.

Комментарии •

Следующие
Автовоспроизведение
8. Exploiting XXE via image file upload5:218. Exploiting XXE via image file upload
8. Exploiting XXE via image file uploadLittle More Help
Просмотров 401
Cursor Is Beating VS Code (...by forking it)18:00Cursor Is Beating VS Code (...by forking it)
Cursor Is Beating VS Code (...by forking it)Theo - t3․gg
Просмотров 73 тыс.
Introduction to Cloud Hacking| flaws.cloud LEVEL 414:23Introduction to Cloud Hacking| flaws.cloud LEVEL 4
Introduction to Cloud Hacking| flaws.cloud LEVEL 4Little More Help
Просмотров 398
[DOKKAN BATTLE] Worldwide Campaign Announcement Video Part 2!19:27[DOKKAN BATTLE] Worldwide Campaign Announcement Video Part 2!
[DOKKAN BATTLE] Worldwide Campaign Announcement Video Part 2!Bandai Namco Entertainment
Просмотров 115 тыс.
PS5 Pro Technical Presentation hosted by Mark Cerny09:40PS5 Pro Technical Presentation hosted by Mark Cerny
PS5 Pro Technical Presentation hosted by Mark CernyPlayStation
Просмотров 3,2 млн
Full Debate: Harris vs. Trump in 2024 Presidential Debate | WSJ1:49:25Full Debate: Harris vs. Trump in 2024 Presidential Debate | WSJ
Full Debate: Harris vs. Trump in 2024 Presidential Debate | WSJThe Wall Street Journal
Просмотров 9 млн
Devara Part -1 Trailer (Telugu) | NTR | Saif Ali Khan | Janhvi | Koratala Siva | Anirudh | Sep 2702:40Devara Part -1 Trailer (Telugu) | NTR | Saif Ali Khan | Janhvi | Koratala Siva | Anirudh | Sep 27
Devara Part -1 Trailer (Telugu) | NTR | Saif Ali Khan | Janhvi | Koratala Siva | Anirudh | Sep 27NTR Arts
Просмотров 32 млн
How to use PGP Encryption | This is how Asymmetric Encryption Works DEMO | GNU PG12:15How to use PGP Encryption | This is how Asymmetric Encryption Works DEMO | GNU PG
How to use PGP Encryption | This is how Asymmetric Encryption Works DEMO | GNU PGLittle More Help
Просмотров 566
Enhance Your Playwright Tests for Better Structure and Readability!4:13Enhance Your Playwright Tests for Better Structure and Readability!
Enhance Your Playwright Tests for Better Structure and Readability!AZADEMY
Просмотров 32
Hacking AWS Services | rce_web_app (Medium / Hard)29:17Hacking AWS Services | rce_web_app (Medium / Hard)
Hacking AWS Services | rce_web_app (Medium / Hard)Little More Help
Просмотров 138
Little-Known AI Tools Giving Academics an Unfair Advantage9:58Little-Known AI Tools Giving Academics an Unfair Advantage
Little-Known AI Tools Giving Academics an Unfair AdvantageAndy Stapleton
Просмотров 12 тыс.
Hacking AWS Services | vulnerable_cognito (Small / Moderate)22:05Hacking AWS Services | vulnerable_cognito (Small / Moderate)
Hacking AWS Services | vulnerable_cognito (Small / Moderate)Little More Help
Просмотров 136
This MacBook was really really really really dirty #41336:27This MacBook was really really really really dirty #413
This MacBook was really really really really dirty #413Adamant IT
Просмотров 10 тыс.
Hacking AWS Services | iam_privesc_by_attachment (Medium / Moderate)20:29Hacking AWS Services | iam_privesc_by_attachment (Medium / Moderate)
Hacking AWS Services | iam_privesc_by_attachment (Medium / Moderate)Little More Help
Просмотров 95
Hacking AWS Services | lambda_privesc (Small / Easy)27:54Hacking AWS Services | lambda_privesc (Small / Easy)
Hacking AWS Services | lambda_privesc (Small / Easy)Little More Help
Просмотров 73
Introduction to Cloud Hacking| flaws.cloud LEVEL 615:09Introduction to Cloud Hacking| flaws.cloud LEVEL 6
Introduction to Cloud Hacking| flaws.cloud LEVEL 6Little More Help
Просмотров 230
Cool Items!🥰 New Gadgets, Smart Appliances, Kitchen Tools Utensils, Home Cleaning, Beauty #shorts00:23Cool Items!🥰 New Gadgets, Smart Appliances, Kitchen Tools Utensils, Home Cleaning, Beauty #shorts
Cool Items!🥰 New Gadgets, Smart Appliances, Kitchen Tools Utensils, Home Cleaning, Beauty #shortsCool Items Official
Просмотров 22 млн
Эконом такси в твоем городе 😂00:59Эконом такси в твоем городе 😂
Эконом такси в твоем городе 😂Cadrol&Fatich
Просмотров 731 тыс.
Как встречать мужа с работы. Психолог Ирина Ковалёва00:56Как встречать мужа с работы. Психолог Ирина Ковалёва
Как встречать мужа с работы. Психолог Ирина КовалёваСама Меньшова
Просмотров 366 тыс.
В гостях Саня Булкин! #вопросребром00:46В гостях Саня Булкин! #вопросребром
В гостях Саня Булкин! #вопросребромGazgolder
Просмотров 94 тыс.
ВЫЖИЛ ЗА МАЛЕНЬКУЮ РЫБКУ В ОГРОМНОМ ОКЕАНЕ!13:14ВЫЖИЛ ЗА МАЛЕНЬКУЮ РЫБКУ В ОГРОМНОМ ОКЕАНЕ!
ВЫЖИЛ ЗА МАЛЕНЬКУЮ РЫБКУ В ОГРОМНОМ ОКЕАНЕ!Бурёночек🛑
Просмотров 184 тыс.
Вся правда о презентации iPhone 16/PRO! Опять, Apple?16:54Вся правда о презентации iPhone 16/PRO! Опять, Apple?
Вся правда о презентации iPhone 16/PRO! Опять, Apple?Wylsacom
Просмотров 1,1 млн
Growing fruit art00:33Growing fruit art
Growing fruit art_vector_
Просмотров 2,9 млн
Apple Event - September 91:38:50Apple Event - September 9
Apple Event - September 9Apple
Просмотров 25 млн