![e87c180119c609c871e894b152aa6745.png](1b95dfcb160a45d78438c73233635f16.png)
![a5a4929fb34dd6370fe24ec7e36b65ac.png](e2f85ec7db554ebfabd71b5320d766aa.png)

Inspecting the `Send Message` button, we can see that its `onclick` handler is an `XMLFunction()`. Capturing the request with Burp, we have:

![20adf532a6e70517cd52ebf5f9a181b6.png](112443461ef74fdda6e24865d5aae73b.png)

Editing this request, we can test for `XXE`:

![f50d196a57bbc978f47894c4301c4cc5.png](d37fe1e459304fac9a8154f4c163faaf.png)

`XXE` is in play. Hekkerman has a home folder; maybe the flag is in there:

![305cc0c603b37ab4c2ba15a3130fabfd.png](efab2cc5e797468caaa9034cad7488b5.png)

---

Back to [[_WebSite Publish/CTF/CTF Index|CTF Index]]

Tags: #ctf #xxe #web
Related:
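The message endpoint parses attacker-controlled XML, which is what makes the XXE possible. As an added example (not part of this writeup or the challenge's code), here is the fix a defender would apply with Python's standard library: refuse any inbound message that declares a DOCTYPE or entity before the application parser ever touches it. The `<message><to/><body/></message>` shape and both sample bodies are assumed and constructed for illustration.

```python
"""Reject DTDs on inbound XML messages before parsing (XXE mitigation).

Added example, not code from the CTF challenge. The message shape and the
two sample bodies below are constructed for illustration.
"""
import xml.etree.ElementTree as ET
from xml.parsers import expat


class DisallowedDoctype(ValueError):
    """Raised when an inbound document declares a DTD or an entity."""


def reject_doctype(raw: bytes) -> None:
    """Pre-scan with expat; raise if a DOCTYPE or ENTITY declaration appears.

    A message body never legitimately needs a DTD, so refusing it outright
    is the standard XXE mitigation, and a rejected request is worth logging.
    """
    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DisallowedDoctype(f"DOCTYPE {name!r} not allowed")

    def on_entity(*args):
        raise DisallowedDoctype("entity declaration not allowed")

    p = expat.ParserCreate()
    p.StartDoctypeDeclHandler = on_doctype
    p.EntityDeclHandler = on_entity
    p.Parse(raw, True)  # exceptions from handlers propagate out of Parse()


def parse_message(raw: bytes) -> dict:
    """Validate one Send Message body and return its child fields."""
    reject_doctype(raw)
    root = ET.fromstring(raw)
    if root.tag != "message":
        raise ValueError("unexpected root element")
    return {child.tag: (child.text or "") for child in root}


def is_rejected(raw: bytes) -> bool:
    """True when the body is refused by the DTD check (used by the test)."""
    try:
        parse_message(raw)
    except DisallowedDoctype:
        return True
    return False


# Constructed samples: a legitimate message and one carrying an XXE DOCTYPE.
BENIGN = b"<message><to>hekkerman</to><body>hello</body></message>"
HOSTILE = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE message [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
           b"<message><to>hekkerman</to><body>&xxe;</body></message>")

if __name__ == "__main__":
    print(parse_message(BENIGN))          # {'to': 'hekkerman', 'body': 'hello'}
    print("hostile rejected:", is_rejected(HOSTILE))  # True
```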