Description:
The challenge was solved by chaining an authentication bypass with an XXE vulnerability. By adding the HTTP header X-Middleware-Subrequest: middleware, the application mistakenly granted access to restricted admin functionality without proper authentication. This allowed interaction with sensitive internal features that would normally require admin privileges. Using this access, an XML External Entity (XXE) payload was submitted to an XML-processing endpoint. The XXE payload was crafted to read the file package.json from the application’s current working directory via the symbolic path /proc/self/cwd/package.json. This file contained the challenge flag, confirming that both the authentication bypass and XXE were successfully exploited.
POC:
- I have bypass the login with this header X-Middleware-Subrequest: middleware directly access into admin
2. Click on Ice Cream Machines then click on view settings
3. i have used this payload in the XML Configuration Settings
4. Finally grab the flag
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
<!ENTITY xxe SYSTEM "file:///proc/self/cwd/package.json">
]>
<stockCheck><productId>&xxe;</productId></stockCheck>
Flag :
INTIGRITI{XXE_Redacted_M4ch1n3s}Reference :
Hi, how have you been lately?
真免费!价值万元资源,不要一分钱,网址:https://www.53278.xyz/
益群网:终身分红,逆向推荐,不拉下线,也有钱赚!尖端资源,价值百万,一网打尽,瞬间拥有!多重收益,五五倍增,八级提成,后劲无穷!网址:1199.pw