Academy Web Attacks Skills Assesment

hello

you almost solved it!

the reset password is in “/reset.php”

after that
all that you got is correct but try cheng the method you use :
POST
HEAD

1 Like

company : Administrator

i also am facing the same issue as the OP.
When i try to do the LFI XXE, i stop getting the name element returned in the response so I end up with this as the response:
Event ‘’ has been created.

I also get the same “empty” response if there is a “&” character anywhere in the XML.

Could someone give me a nudge on the access to the admin account. Im pretty sure im 90% there I just cant figure out how to get it to work.

EDIT: I figured out this bit, please feel free to DM if you are stuck.