I’m currently working on the limited file upload section of the File Upload Attacks module and I’m able to get the XSS working but I can’t seem to do anything other then make the alert pop. I’ve tried a few different JS commands to read a file but nothing seems to work. I’ve attempted to use the XXE portion of the section and I can’t get anything to even upload let alone leverage it. Any help would be greatly appreciated!
Thanks for the reply! I was actually able to leverage the XXE only after I switched networks. Have you ever heard of a home router filtering requests? I ran into the same issue when I was doing the SQL injections module and I had to use the hotspot on my phone in order to send the SQL payloads.
Hello I’m looking for some information because I have a strange problem.
When I do perform the attack on the pwnbox It’s a success and when I do perform the same thing from my own computer the request is not reaching at all the server.
This is the case of an XXE payload.
Moreover, when I do perform with a XSS payload (alert function) from my computer the request reach the server but it’s very long time.
I don’t understand why the router will intercept and analyze the content since it goes thru a VPN connection
When im trying to use the following payload for reading the flag the server crashes all the time:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE svg [ <!ENTITY xxe SYSTEM "file:///etc/flag.txt"> ]>
<svg>&xxe;</svg>
Does somebody have the same problem or have another idea to get to the flag ?
Hi, I have just finished and piece of advice for anyone struggling:
I needed to restart the target many times. I always work on the Pwnbox and I was having a working script that I was sending but for some reason needed to restart it multiple times for it to work. I have restarted it 7 times I think before the same payload worked.
the flag is not in /etc directory, it is in root directory / . You can not read the flag because there is no flag.txt in /etc/ directory. You need to fix the path.