Hey guys.
I just completed the skills assessment on this module, and I was wondering what the logic behind the first vulnerability is:
When you upload a regular image, you see that the content of the image is being displayed on the web using an image data URI like `<img src="data:image/gif;base64,R0lGODlhEAAQAMQAAORHHOVSKudfOulrSOp3WOyDZu6QdvCchPGolfO0o/XBs/fNwfjZ0fr[...]">`
What I don’t understand here is, how was I supposed to guess I could use an XXE exploit just by seeing this information? How could I know that XML would be processed, instead of the whole thing being converted to base64 and outputted as a URI? What seemed more logical was to try and inject a command in the filename since it could be being encoded to base64 using the OS…
EDIT: What I mean by “seeing this information” is that, since the content of the image is being processed as base64, I thought the content of the .svg XML would be processed as base64 as well.
Thanks for your time.