Tag

#XXE

1 post tagged XXE

Read the file with lxml.etree that Vulnerable to XXE, include the local DTD, and generate an error to read the Flag: Cyber Jawara National 2025 Quals SVG Validator

A simple SVG validator.In order to gain Arbitrary File Read, we will exploit the XXE vulnerability in the lxml.etree. We must introduce an error in the XML since we cannot read the flag information di...

January 12, 2025

XXE