1. Web Security Academy
  2. XXE injection
  3. Blind
  4. Lab

Lab: Exploiting blind XXE to exfiltrate data using a malicious external DTD

PRACTITIONER

This lab has a "Check stock" feature that parses XML input but does not display the result.

To solve the lab, exfiltrate the contents of the /etc/hostname file.

Note

To prevent the Academy platform being used to attack third parties, our firewall blocks interactions between the labs and arbitrary external systems. To solve the lab, you must use the provided exploit server and/or Burp Collaborator's default public server (burpcollaborator.net).

Find XXE vulnerabilities using Burp Suite

The benefits of working through PortSwigger's Web Security Academy

Get started with the Web Security Academy where you can practise exploiting vulnerabilities on realistic targets .. and its free!

Already got an account? Login here