I encountered some issues in the INJECTION ATTACKS Skills Assessment section;
What I have now:
1.I have discovered the SSRF caused by PDF generation
2.I used SSRF to detect internal information and discovered a query function with xpath injection
3.I can use xpath injection

But I am unable to fully display the data obtained through XPath injection in the PDF file :frowning:
Can anyone help me

Look XPath - Data Exfiltration. We can retrieve one element at a time.