Web Attacks - Advanced File Disclosures

Hey I was wondering if and one has had problems with this part of the module? I’ve got the error-based method to work but the CDATA isn’t working. When I try to point the file at “file:///var/www/html/error” I get a message that say it has 8192 bytes with an errno=21. When I use the CDATA method nothing happens at all.

It is php server, your file can’t end with nothing. There has to be filename.php
Have you got a flag? Seems, I’ve stucked :slight_smile:
I’ve downloaded all php files except flag.php
Tried both methods, CDATA doesn’t work. My server answers on request with dtd file, but nothing happens. Seems, there is filter for files. Any hints please?

One of them work if CDATA isn’t working try error and really pay attention to the steps and details.

1 Like

@QuickFix914 - I ve finally solved this using CDATA itself… It worked for me after few attempts… One hint would be the flag.php is located in / directory only. So, modify ur XXE payload accordingly and I ve got the flag in my response. DM if you are stuck.

CDATA and pay attention to the path for the flag… Hint: /

1 Like

Thanks I was struggling with this as well and nothing seemed to work until …DOOOUGH

/flag.php details matters.