I have come across XXE on a CTF a while ago and I can't get my head around where to go from where I am. &xxe;
This will give me the source code for the single page that the site has. I can also grab /etc/passwd, not shadow though.
The source code of the page absolutely doesn't give anything away. No JS to speak of and the only PHP is below:
My question is whether there is some way to read the contents of a directory or move on from where I currently am?
http://dlvr.it/S05QsL
G:7-Security (Cyber Security Research and Global Information Security Services)
No comments:
Post a Comment