
Lab: Exploiting blind XXE to exfiltrate data using a malicious external DTD

PRACTITIONER

This lab has a "Check stock" feature that parses XML input but does not display the result.

To solve the lab, exfiltrate the contents of the /etc/hostname file via Burp Collaborator.

The lab contains a link to an exploit server on a different domain where you can host your malicious DTD.

Note

You must use the public Burp Collaborator server (burpcollaborator.net).
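The defender's counterpart to this lab, as an added example (not code from the lab or from PortSwigger): a Python gate that refuses any stock-check request declaring a DOCTYPE, which is the precondition for the parser ever loading an external DTD. The sample requests, the element names and the DTD host are constructed assumptions.

```python
import xml.parsers.expat
from xml.etree import ElementTree as ET


class DtdNotAllowed(ValueError):
    """Raised when a request carries a DOCTYPE or entity declaration."""


def reject_dtd(xml_bytes: bytes) -> None:
    """Pre-parse gate: abort on the first DOCTYPE or ENTITY declaration.
    A stock-check request never needs a DTD, so any DOCTYPE (internal subset
    or an external one via SYSTEM/PUBLIC) is refused before the real parse."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DtdNotAllowed(f"DOCTYPE not permitted: {name!r}, system id {system_id!r}")

    def on_entity_decl(*_decl):
        raise DtdNotAllowed("entity declarations not permitted")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(xml_bytes, True)  # an exception raised in a handler propagates here


def parse_stock_check(xml_bytes: bytes) -> dict:
    """Return {tag: text} for a <stockCheck> request once the DTD gate passes."""
    reject_dtd(xml_bytes)
    root = ET.fromstring(xml_bytes)
    if root.tag != "stockCheck":
        raise ValueError(f"unexpected root element {root.tag!r}")
    return {child.tag: (child.text or "").strip() for child in root}


def is_accepted(xml_bytes: bytes) -> bool:
    """True if the request parses, False if the DTD gate rejects it."""
    try:
        parse_stock_check(xml_bytes)
        return True
    except DtdNotAllowed:
        return False


# Constructed sample requests (not captured from the lab).
BENIGN_REQUEST = b"""<?xml version="1.0"?>
<stockCheck><productId>1</productId><storeId>1</storeId></stockCheck>"""

# Same request, but declaring an external DTD; the host is a placeholder.
EXTERNAL_DTD_REQUEST = b"""<?xml version="1.0"?>
<!DOCTYPE stockCheck SYSTEM "http://dtd-host.invalid/stock.dtd">
<stockCheck><productId>1</productId><storeId>1</storeId></stockCheck>"""
```

Rejecting at the DOCTYPE stage means the external DTD URL is never fetched, so no out-of-band request reaches a Collaborator-style listener.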
