Web Attacks - Advanced File Disclosure

Please could someone give me a tip to help complete the challenge at the end of the Advanced File Disclosure Section

I’ve tried both methods to try and find flag.php. When I use either method I can get the other PHP pages to show up fine, I can view system files, but for some reason I can’t find the flag. This makes me believe it might be contained in a subdirectory that I don’t know the name of. I’ve already tried fuzzing for different directories but this still isn’t helping.

Any help would be appreciated.

hi @Theonly_wilko
…am not even able to view the system files in the response…
in my local DTD file, i kept it as echo ‘’ > xxe.dtd
also ,in my request I append the piece of code given in the module by changing the IP AND PORT alone…
Can you tell me whether I should append anything in the local DTD file as the hint says-Don’t forget to point the ‘file’ to the flag in your local DTD file.

hey guys!!! I ve finally solved it!!! DM if u need any help

Sorry I didn’t see this. I’m glad you got it in the end!