INJECTION ATTACKS-Skills Assessment

urara · June 11, 2024, 1:59am

I encountered some issues in the INJECTION ATTACKS Skills Assessment section；
What I have now：
1.I have discovered the SSRF caused by PDF generation
2.I used SSRF to detect internal information and discovered a query function with xpath injection
3.I can use xpath injection

But I am unable to fully display the data obtained through XPath injection in the PDF file
Can anyone help me

c0rs3r · June 14, 2024, 10:37pm

Look XPath - Data Exfiltration. We can retrieve one element at a time.

nebbers · February 20, 2025, 5:41pm

(post deleted by author)

Topic		Replies	Views
Skill Assestment - Injection Attacks Academy	24	1164	December 30, 2024
Blind SSRF Exploitation Example Academy academy , htb-academy	1	1758	February 6, 2023
Academy Server-Side Attacks - Skills Assessment Academy server-side-attack , academy	56	6088	December 29, 2024
Techniques for Web Application Security Assessment Off-topic starting-point	0	129	March 15, 2024
Academy - Injection Attacks - XPath - Blind Exploitation Academy	1	66	December 31, 2024

INJECTION ATTACKS-Skills Assessment

Related topics