![e87c180119c609c871e894b152aa6745.png](1b95dfcb160a45d78438c73233635f16.png)
![a5a4929fb34dd6370fe24ec7e36b65ac.png](e2f85ec7db554ebfabd71b5320d766aa.png)
Inspecting the `Send Message` button we can see that its `onclick` handler calls `XMLFunction()`.
Capturing the request with Burp we have:
![20adf532a6e70517cd52ebf5f9a181b6.png](112443461ef74fdda6e24865d5aae73b.png)
Editing this request we can test for `XXE`:
![f50d196a57bbc978f47894c4301c4cc5.png](d37fe1e459304fac9a8154f4c163faaf.png)
`XXE` is in play. Hekkerman has a home folder; maybe the flag is in there.
![305cc0c603b37ab4c2ba15a3130fabfd.png](efab2cc5e797468caaa9034cad7488b5.png)
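For the defender's side of this, here is an added example (not part of the original writeup, and not the challenge's own code) of how a message endpoint like this one should handle XML from the browser: a first pass with a bare expat parser refuses any `DOCTYPE` or entity declaration before the real parse. The `<message>` element layout and the `file:///PLACEHOLDER/path` entity target are constructed for the demo.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXMLError(ValueError):
    """Raised when an untrusted document carries a DOCTYPE or entity declaration."""


def assert_no_doctype(data: bytes) -> None:
    """First pass with a bare expat parser: abort on any DOCTYPE or ENTITY declaration.

    An XXE payload needs a DOCTYPE to declare its entity, so an endpoint that never
    legitimately receives one can refuse it outright instead of relying on parser
    options (for example lxml's resolve_entities, which defaults to True).
    """
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXMLError(f"DOCTYPE not allowed in untrusted input (root {name!r})")

    def on_entity_decl(*decl):
        raise UnsafeXMLError(f"entity declaration not allowed: {decl[0]!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(data, True)  # exceptions raised inside handlers propagate out of Parse()


def parse_message(data: bytes) -> dict:
    """Parse a <message> body into {tag: text}, but only after the DOCTYPE check passes."""
    assert_no_doctype(data)
    root = ET.fromstring(data)
    return {child.tag: (child.text or "") for child in root}


def is_safe_xml(data: bytes) -> bool:
    """Boolean form of the same check, usable in a request filter or a detection rule."""
    try:
        assert_no_doctype(data)
    except (UnsafeXMLError, expat.ExpatError):
        return False
    return True


# Constructed samples: the shape a "Send Message" form might post, benign and hostile.
BENIGN = b"<message><name>alice</name><text>hello</text></message>"
HOSTILE = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE message [<!ENTITY xxe SYSTEM "file:///PLACEHOLDER/path">]>'
           b"<message><name>&xxe;</name><text>hello</text></message>")

if __name__ == "__main__":
    print(parse_message(BENIGN))  # {'name': 'alice', 'text': 'hello'}
    print(is_safe_xml(HOSTILE))   # False
```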
---
Back to [[_WebSite Publish/CTF/CTF Index|CTF Index]]
Tags: #ctf #xxe #web
Related: