Joel O.joelodey.hashnode.dev·Jan 12, 2024Lab: Exploiting XXE via image file uploadLab Scenario: Our mission is to exploit XXE through an image file upload on a web application. By uploading a crafted SVG image, we intend to reveal the contents of a server file, in this case, /etc/hostname. Let's proceed with the solution: Craftin...10 likes·58 readsPortSwigger XML external entity (XXE) injectionxxeAdd a thoughtful commentNo comments yetBe the first to start the conversation.
