Skip to content

Contact us

Contact us

How can we help you?

There are no suggestions because the search field is empty.

Help Center
Hands-On Break/Fix Lesson Help
XML External Entities Help

Security Journey Release Notes
- HackEDU Release Notes
- Security Journey Release Notes
Configuration and Setup
Training Library
Assessments
Assignments
- Setup and Configuration
- Assignment Features
Tournaments
Champion Passport
Reporting
- API
- Reporting FAQs
Customer Support & Feedback
Security Journey FAQs
Learner Resources
Hands-On Break/Fix Lesson Help
HackEDU Platform

June 2, 2025

Upload XXE Vulnerability Is Not Fixed (XML External Entities Lesson)

Issue:

The bulk upload XXE vulnerability has not been fixed.

Test 1: Web Server Not Fixed

Try uploading a file with a XXE to locate a web server. Example: http://xxe-nginx:4002. You can find an example of this payload in the lesson text.

Test 2: Secrets File Not Fixed

Try uploading a file with a XXE to secret files from the server. Example: file:///etc/passwd. You can find an example of this payload in the lesson text.