@jodjod said:
@takuma
So, is it necessary to bypass the 500 Internal Server Error or you can get what you want with the error present?I think i am on the right track but enumerating many different strategies (following the hint on OWASP top 10) did not bring me anywhere closer.
Can someone PM me for a couple of guidelines?
Just use normal xml format
and the correct entity name
@takuma said:
@jodjod said:
@takuma
So, is it necessary to bypass the 500 Internal Server Error or you can get what you want with the error present?I think i am on the right track but enumerating many different strategies (following the hint on OWASP top 10) did not bring me anywhere closer.
Can someone PM me for a couple of guidelines?
Just use normal xml format
XML Tutorialand the correct entity name
I will try again today!
Thanks in advance
Hi Guys, Stuck at the last bit of priv ex. Could one of you pm. I think I understand the history aspect that you are all talking about. But just want to run it by one of you.
Thanks 
So im able to read some files but I havent a clue where to go from there can someone PM to poke me in the direction? I havent been able to send files to the server either
i was delete my message because i get the way to read files.
Hi guys, can you please help getting user? I found the upload page & whenever I upload a properly formatted file I get Internal Server Error. I am trying to upload just a simple file with the three elements to make sure that I can upload but can’t get past that error.
Hi Guys - Equally the same issue with XML - I have ran multiple iterations all ensuring case sensitivity etc, but all I get back is Internal Server Error. Anyone able to PM on this pls?
@etsandy said:
Hi Guys - Equally the same issue with XML - I have ran multiple iterations all ensuring case sensitivity etc, but all I get back is Internal Server Error. Anyone able to PM on this pls?
Sometimes children need a parent 
is it entity name or element name? This formatting of the XML is kind of strange; I’ve tried what I believe to be all the PoC’s with zero hits.
The amount of OVER ENGINEERING the solution I did on this box…SMH.
Feel free to PM for nudges.
Thanks @lokori for the great box and the opportunity to learn something new!
rooted, PM me if you need any help.
can someone PM me a little nudge with the XML? I can’t get anything to pop / communicate with me… I’ve researched extensively and I’m not understanding my error.
i can read the files with the proper XML and i got user flag but now i am stuck and don’t know where to go from here. Any help would be appreciated .
There are other files on the system that will be useful for you. Perhaps a way to see what the user has been doing?
Spoiler Removed - Arrexel
@nardin said:
@J3rryBl4nks said:
My payload seems to be malformed, can anyone PM me about the format of the payload?There must be a father with 3 sons
This ■■■■ literally made me realise where I was making my mistake after 2 days… I fucking hate myself.
Can someone give me a nudge with the XML? Stuck on 500 error.
@H4wk said:
@bngrsec said:
Can someone give me a nudge with the XML? Stuck on 500 error.on the same boat
Try uploading a valid XML first. Look up some XML files to see how they work. And the most important thing: Read the instructions for uploading very carefully. Everything you need is written on the page. There’s also been a few very good hints in this thread.
@Lu1e said:
@H4wk said:
@bngrsec said:
Can someone give me a nudge with the XML? Stuck on 500 error.on the same boat
Try uploading a valid XML first. Look up some XML files to see how they work. And the most important thing: Read the instructions for uploading very carefully. Everything you need is written on the page. There’s also been a few very good hints in this thread.
Thanks man, I got User a little after I posted this.
