Please could someone give me a tip to help complete the challenge at the end of the Advanced File Disclosure Section
I’ve tried both methods to try and find flag.php. When I use either method I can get the other PHP pages to show up fine, I can view system files, but for some reason I can’t find the flag. This makes me believe it might be contained in a subdirectory that I don’t know the name of. I’ve already tried fuzzing for different directories but this still isn’t helping.
hi @Theonly_wilko
…am not even able to view the system files in the response…
in my local DTD file, i kept it as echo ‘’ > xxe.dtd
also ,in my request I append the piece of code given in the module by changing the IP AND PORT alone…
Can you tell me whether I should append anything in the local DTD file as the hint says-Don’t forget to point the ‘file’ to the flag in your local DTD file.