
Upload XXE Vulnerability Is Not Fixed (XML External Entities Lesson)

Issue:

The bulk upload XXE vulnerability has not been fixed.

Test 1: Web Server Not Fixed

Try uploading a file with an XXE to locate a web server. Example: http://xxe-nginx:4002. You can find an example of this payload in the lesson text.

Test 2: Secrets File Not Fixed

Try uploading a file with an XXE to read secret files from the server. Example: file:///etc/passwd. You can find an example of this payload in the lesson text.
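
One way to make both tests fail safely is to refuse any upload that declares a DOCTYPE, so no entity, internal or external, can be defined. The sketch below is an added example, not code from the lesson or the platform; the lesson's language is not stated on this page, so Python and the names `parse_upload`, `DoctypeRejected`, `upload_is_rejected` and `sample_with_entity` are assumptions.

```python
import xml.parsers.expat


class DoctypeRejected(ValueError):
    """Raised when an uploaded XML document declares a DTD."""


def parse_upload(xml_bytes):
    """Parse uploaded XML and return (tag, text) pairs for leaf elements.

    Any DOCTYPE aborts parsing before entity declarations are processed.
    """
    parser = xml.parsers.expat.ParserCreate()
    rows, stack = [], []  # stack entries: [tag, text, has_child]

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeRejected("DOCTYPE is not allowed in uploads")

    def on_start(name, attrs):
        if stack:
            stack[-1][2] = True
        stack.append([name, "", False])

    def on_chars(data):
        if stack:
            stack[-1][1] += data

    def on_end(name):
        tag, text, has_child = stack.pop()
        if not has_child:
            rows.append((tag, text.strip()))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = on_chars
    parser.EndElementHandler = on_end
    parser.Parse(xml_bytes, True)
    return rows


def upload_is_rejected(xml_bytes):
    """Regression check: True when the parser refuses the document."""
    try:
        parse_upload(xml_bytes)
    except DoctypeRejected:
        return True
    return False


def sample_with_entity(system_url):
    # Constructed regression input using the URL forms named in Test 1 and Test 2.
    return ('<?xml version="1.0"?><!DOCTYPE users [<!ENTITY x SYSTEM "%s">]>'
            '<users><user><name>&x;</name></user></users>' % system_url).encode()
```

A fixed upload handler should return `True` from `upload_is_rejected` for both the `http://` and the `file://` form while still parsing an ordinary upload that has no DOCTYPE.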