
Lab: Exploiting blind XXE to exfiltrate data using a malicious external DTD


This lab has a "Check stock" feature that parses XML input but does not display the parsed result in the response, which makes this a blind XXE scenario.

To solve the lab, exfiltrate the contents of the /etc/hostname file via Burp Collaborator.

The lab contains a link to an exploit server on a different domain where you can host your malicious DTD.


You must use the public Burp Collaborator server (burpcollaborator.net).
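A defensive counterpart, added here as an example and not part of the lab or of Burp Suite: a stock-check request parser in Python (standard library only) that refuses any document carrying a DOCTYPE before the XML reaches the real parser, which removes the external-DTD vector this lab relies on. The element names and the sample requests are constructed assumptions.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat


class DoctypeRejected(ValueError):
    """The request declared a DTD, which a stock-check endpoint never needs."""


def check_for_doctype(xml_bytes: bytes) -> None:
    """Raise DoctypeRejected if the document carries any DOCTYPE declaration.

    expat reports the declaration before reading its subset and never fetches
    an external DTD on its own, so nothing from the SYSTEM URL is loaded.
    """
    def on_doctype(name, system_id, public_id, has_internal_subset):
        # The SYSTEM URL is the value worth logging for detection purposes.
        raise DoctypeRejected(
            f"DOCTYPE {name!r} rejected: SYSTEM={system_id!r}, "
            f"internal_subset={bool(has_internal_subset)}")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(xml_bytes, True)  # exceptions raised in handlers propagate


def rejects_doctype(xml_bytes: bytes) -> bool:
    """True if check_for_doctype would refuse the document."""
    try:
        check_for_doctype(xml_bytes)
    except DoctypeRejected:
        return True
    return False


def parse_stock_check(xml_bytes: bytes) -> dict:
    """Parse a stock-check request, refusing any document with a DOCTYPE."""
    check_for_doctype(xml_bytes)
    root = ET.fromstring(xml_bytes)
    return {"productId": root.findtext("productId"),
            "storeId": root.findtext("storeId")}


# Constructed sample requests (element names and host are assumptions).
BENIGN = b"<stockCheck><productId>1</productId><storeId>1</storeId></stockCheck>"
EXTERNAL_DTD = (b'<?xml version="1.0"?>'
                b'<!DOCTYPE stockCheck SYSTEM "http://dtd-host.example/x.dtd">'
                b"<stockCheck><productId>1</productId><storeId>1</storeId></stockCheck>")

if __name__ == "__main__":
    print(parse_stock_check(BENIGN))
    print("rejected:", rejects_doctype(EXTERNAL_DTD))
```

Rejecting every DOCTYPE is simpler and safer than trying to allow "harmless" DTDs, and the exception message gives the SYSTEM URL to your logs without ever contacting it.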
