1. Web Security Academy
  2. XXE injection
  3. Blind
  4. Lab

Lab: Exploiting blind XXE to retrieve data via error messages


This lab has a "Check stock" feature that parses XML input but does not display the result.

To solve the lab, use an external DTD to trigger an error message that displays the contents of the /etc/passwd file.

The lab contains a link to an exploit server on a different domain where you can host your malicious DTD.