In this short video I show how to solve XXE challenges by explaining how to exploit this vulnerability in the Meta CTF Cybergames 2021 task named Leaky Logs.
This is not a typical writeup! The priority is to explain in more detail what this vulnerability is and what tools can be used to solve similar tasks.
#xxe #capturetheflag #burpsuite
00:00 Intro
00:32 The challenge
01:13 Reconnaissance
01:50 Intro to Burp
02:39 Using Burp Proxy
03:22 Looking into HTTP history
04:24 What is XXE?
06:07 Exploiting XXE
08:00 Thank you
Sheet icons created by Freepik - Flaticon
Hand Drawn icons created by Freepik - Flaticon
Music:
Goat's Skull - Verified Picasso
El Secreto - Yung Logos