
Upload XXE Vulnerability Is Not Fixed (XML External Entities Lesson)

Written by Rachel Yonan
Updated over 3 years ago

Issue:

The bulk upload XXE vulnerability has not been fixed.

Test 1: Web Server Not Fixed

Try uploading a file with an XXE to locate a web server. Example: http://xxe-nginx:4002. You can find an example of this payload in the lesson text.


Test 2: Secrets File Not Fixed

Try uploading a file with an XXE to read secret files from the server. Example: file:///etc/passwd. You can find an example of this payload in the lesson text.
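Both tests stop failing once the upload parser refuses DTDs and entity declarations before anything is resolved. The sketch below is an added example, not the lesson's own code: it assumes a Python upload handler, and `parse_upload`, `is_rejected` and the `<users>` sample format are hypothetical names chosen for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """The upload declares a DTD or an entity and must be rejected."""


def _forbid(kind):
    # Build an expat handler that aborts parsing as soon as it is called.
    def handler(*_args):
        raise ForbiddenXML(f"{kind} is not allowed in uploads")
    return handler


def parse_upload(data: bytes) -> ET.Element:
    """Parse uploaded XML; refuse DOCTYPE and entity declarations outright."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()
    # Reject at the DOCTYPE itself, so no entity is ever defined or fetched.
    parser.StartDoctypeDeclHandler = _forbid("DOCTYPE")
    # Defence in depth in case the DOCTYPE check is ever relaxed.
    parser.EntityDeclHandler = _forbid("entity declaration")
    parser.UnparsedEntityDeclHandler = _forbid("unparsed entity")
    parser.ExternalEntityRefHandler = _forbid("external entity reference")
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)
    return builder.close()


def is_rejected(data: bytes) -> bool:
    """True when the upload is refused for carrying a DTD or entity."""
    try:
        parse_upload(data)
    except ForbiddenXML:
        return True
    return False


def sample_with_entity(target: str) -> bytes:
    # Constructed test input: a DOCTYPE declaring one external entity.
    doc = f'<!DOCTYPE users [<!ENTITY x SYSTEM "{target}">]>'
    return (doc + "<users><user>&x;</user></users>").encode()


# Constructed uploads; the two targets are the ones named in Test 1 and Test 2.
BENIGN = b"<users><user>alice</user></users>"
TEST1 = sample_with_entity("http://xxe-nginx:4002")
TEST2 = sample_with_entity("file:///etc/passwd")
```
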
