XXE Attack

Securinets CTF Quals 2019 Writeup Web Feedback

Feedback I created this website to get your feedback on our CTF. Can you check if it's secure? Link Ps: flag stored in "flag" file Author:Tr'GFx For now, let's look at the source code. <script type="text/javascript"> function func(){ var xml = '' + '' + '<feedback>' + '<author>' + $('…</author></feedback>

X-MAS CTF Writeup Web Our Christmas Wishlist

Our Christmas Wishlist We have all gathered round to write down our wishes and desires for this Christmas! Please don't write anything mean, Santa will be reading this! Server: http://199.247.6.180:12001 Accessing the server brings up the following W…