.png)
9 months ago
101 BOOK THIS SPACE FOR AD
ARTICLE ADThis lab has a “Check stock” feature that parses XML input but does not display the result. You can detect the blind XXE vulnerability by triggering out-of-band interactions with an external domain. To solve the lab, use an external entity to make the XML parser issue a DNS lookup and HTTP request to Burp Collaborator | Karthikeyan Nagaraj
This lab has a “Check stock” feature that parses XML input but does not display the result.
You can detect the blind XXE vulnerability by triggering out-of-band interactions with an external domain.
To solve the lab, use an external entity to make the XML parser issue a DNS lookup and HTTP request to Burp Collaborator.
Visit a product page, click “Check stock” and intercept the resulting POST request in Burp Suite Professional.Insert the following external entity definition in between the XML declaration and the stockCheck element.Right-click and select "Insert Collaborator payload" to insert a Burp Collaborator subdomain where indicated:4. Replace the productId number with a reference to the external entity: &xxe;
5. Go to the Collaborator tab, and click “Poll now”. If you don’t see any interactions listed, wait a few seconds and try again. You should see some DNS and HTTP interactions that were initiated by the application as the result of your payload.
Bengali (Bangladesh) · 
English (United States) ·