CyberSecurity/Web/BountyStory/XXE/20230315 - Exploiting Out-of-Band XXE in the Wild from P4 to P1.md
| skipped 34 lines |
35 | 35 | | 4. And guess what?I got the result.<br> |
36 | 36 | | ![20230315-4.png](../images/20230315-4.png)<br> |
37 | 37 | | ![20230315-5.png](../images/20230315-5.png)<br> |
38 | | - | |
| 38 | + | <br> |
39 | 39 | | |
40 | 40 | | ### Phase 6 --> final XXE (P1) 🏅 |
41 | 41 | | 1. I made the OOB XXE exploitation successfully!! But actually, I couldn’t get any file with multiple lines<br> |
42 | 42 | | 2. I tried several techniques such as base64, FTP, ... but i failed in all of them.<br> |
43 | 43 | | 3. Finally I was able to do this with error messages<br> |
44 | 44 | | ![20230315-6.png](../images/20230315-6.png)<br> |
45 | | - | |
| 45 | + | <br> |
46 | 46 | | |
47 | 47 | | ## Credit |
48 | 48 | | Based on [Mahmoud Youssef](https://0xmahmoudjo0.medium.com/exploiting-out-of-band-xxe-in-the-wild-16fc6dad9ee2)'s writeup. |
| skipped 6 lines |