.png)
8 months ago
71 BOOK THIS SPACE FOR AD
ARTICLE ADThis lab has a “Check stock” feature that parses XML input but does not display the result. To solve the lab, use an external DTD to trigger an error message that displays the contents of the /etc/passwd file. The lab contains a link to an exploit server on a different domain where you can host your malicious DTD | Karthikeyan Nagaraj
This lab has a “Check stock” feature that parses XML input but does not display the result.
To solve the lab, use an external DTD to trigger an error message that displays the contents of the /etc/passwd file.
The lab contains a link to an exploit server on a different domain where you can host your malicious DTD.
Go to the Exploit server, change the name of file to /exploit.dtd, and paste the below code in body.2. Now, Click a product, Click Check stock, Capture the request, and send it to the repeater.
3. Go to the exploit server, copy the file URL, and paste it in the below Code.
4. Insert the following external entity definition in between the XML declaration and the stockCheck element. Replace the file URL below:
5. The Lab will be solved once you get the /etc/passwd Contents
Bengali (Bangladesh) · 
English (United States) ·