Description:
The challenge was solved by chaining an authentication bypass with an XXE vulnerability. By adding the HTTP header X-Middleware-Subrequest: middleware, the application mistakenly granted access to restricted admin functionality without proper authentication. This allowed interaction with sensitive internal features that would normally require admin privileges. Using this access, an XML External Entity (XXE) payload was submitted to an XML-processing endpoint. The XXE payload was crafted to read the file package.json from the application’s current working directory via the symbolic path /proc/self/cwd/package.json. This file contained the challenge flag, confirming that both the authentication bypass and XXE were successfully exploited.
POC:
- I have bypass the login with this header X-Middleware-Subrequest: middleware directly access into admin
2. Click on Ice Cream Machines then click on view settings
3. i have used this payload in the XML Configuration Settings
4. Finally grab the flag
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
<!ENTITY xxe SYSTEM "file:///proc/self/cwd/package.json">
]>
<stockCheck><productId>&xxe;</productId></stockCheck>
Flag :
INTIGRITI{XXE_Redacted_M4ch1n3s}Reference :
Thanks for sharing. I read many of your blog posts, cool, your blog is very good.
Thanks for sharing. I read many of your blog posts, cool, your blog is very good.
Can you be more specific about the content of your article? After reading it, I still have some doubts. Hope you can help me.
tiuzdtisqwtpqhjfuugelpsmksxuwg
Thank you for your sharing. I am worried that I lack creative ideas. It is your article that makes me full of hope. Thank you. But, I have a question, can you help me?
Your point of view caught my eye and was very interesting. Thanks. I have a question for you.
Kingjlapp’s app is super convenient. I can play anywhere, anytime! Download it and try it! Download it here: kingjlapp
Can you be more specific about the content of your article? After reading it, I still have some doubts. Hope you can help me.
Your article helped me a lot, is there any more related content? Thanks!
Yo, getting hyped about y999apk. Downloading my games has never been easier. It’s quick, simple, just the way i like it. Download yours y999apk
Thanks for sharing. I read many of your blog posts, cool, your blog is very good.
Thanks for sharing. I read many of your blog posts, cool, your blog is very good.
I don’t think the title of your article matches the content lol. Just kidding, mainly because I had some doubts after reading the article. https://accounts.binance.info/es-AR/register-person?ref=UT2YTZSU
Your article helped me a lot, is there any more related content? Thanks!
23winslot? Name kinda speaks for itself, right? Slots galore! Some of them are surprisingly fun, and payouts aren’t terrible. Worth a spin or two, I reckon. More info here: 23winslot
Thank you for your sharing. I am worried that I lack creative ideas. It is your article that makes me full of hope. Thank you. But, I have a question, can you help me?
Your point of view caught my eye and was very interesting. Thanks. I have a question for you.
Can you be more specific about the content of your article? After reading it, I still have some doubts. Hope you can help me.
x777hh is an interesting name in the market. I have tried and it seems to have a unique style. Give it a try if you want a new exciting experience.x777hh
Alright listen up, abc8viplogin is my go-to spot. Easy to navigate and the games are actually pretty fun. Give it a shot, might become your new favorite too If you’re looking for something new to try, check it out here: abc8viplogin
Yo, jilipark22 caught my attention recently. The selection of games is decent, and I found a few I really enjoy. I’d say give it a try and see for yourself If it vibes with you, that’s great Check out jilipark22 here: jilipark22
Yo, heard about bl888bet from a buddy. Figured I’d give it a shot. It’s got a decent selection and the odds seem competitive. Not bad at all! Head over to bl888bet and see for yourself.
tt88bet has been on my radar for a while. Finally checked it out and I’m impressed. The bonuses are pretty sweet. All players like getting bonuses as much as I do with tt88bet
Hey all, soicau68 is all the rage now. They offer a bunch of different lottery games that are all fair and fun. Start playing at soicau68 today!
Can you be more specific about the content of your article? After reading it, I still have some doubts. Hope you can help me.
Can you be more specific about the content of your article? After reading it, I still have some doubts. Hope you can help me. https://accounts.binance.info/vi/register-person?ref=MFN0EVO1