Lab: Exploiting blind XXE to exfiltrate data using a malicious external DTD

PRACTITIONER

This lab has a "Check stock" feature that parses XML input but does not display the result.

To solve the lab, exfiltrate the contents of the /etc/hostname file via Burp Collaborator.

The lab contains a link to an exploit server on a different domain where you can host your malicious DTD.

Note

You must use the public Burp Collaborator server (burpcollaborator.net).
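Seen from the defender's side, the technique in this lab's title depends on the XML parser accepting a document type declaration that points at an external DTD. The following added example (not part of the lab or of PortSwigger's material) shows a stock-check parser that refuses any DOCTYPE or entity declaration before parsing continues; the element names `stockCheck`, `productId` and `storeId`, the function name, and both sample bodies are assumptions constructed for illustration.

```python
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """Raised when a request body uses DTD features the endpoint never needs."""


# Constructed sample bodies (assumed element names, placeholder DTD host).
SAMPLE_OK = (b'<?xml version="1.0" encoding="UTF-8"?>'
             b'<stockCheck><productId>1</productId><storeId>2</storeId></stockCheck>')
SAMPLE_DTD = (b'<?xml version="1.0" encoding="UTF-8"?>'
              b'<!DOCTYPE stockCheck SYSTEM "http://dtd.example.invalid/x.dtd">'
              b'<stockCheck><productId>1</productId><storeId>2</storeId></stockCheck>')


def parse_stock_check(body: bytes) -> dict:
    """Parse a stock-check body into {child element: text}, refusing DTD features."""
    fields, stack, text = {}, [], []

    def forbid(kind):
        # An exception raised inside an expat handler aborts Parse() and propagates.
        def handler(*args):
            raise ForbiddenXML(f"{kind} not allowed in stock-check requests")
        return handler

    def start(name, attrs):
        stack.append(name)
        text.clear()

    def end(name):
        if len(stack) == 2:  # direct child of the root element
            fields[name] = "".join(text).strip()
        stack.pop()

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = forbid("DOCTYPE")
    parser.EntityDeclHandler = forbid("entity declaration")
    parser.ExternalEntityRefHandler = forbid("external entity reference")
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = text.append
    parser.Parse(body, True)
    return fields


if __name__ == "__main__":
    print(parse_stock_check(SAMPLE_OK))
    try:
        parse_stock_check(SAMPLE_DTD)
    except ForbiddenXML as exc:
        print("rejected:", exc)
```

Because the response of a blind endpoint shows nothing either way, logging each `ForbiddenXML` rejection with the request source gives the detection signal that the application output does not.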