XML Injection


Content Injection.

Extensible Markup Language (XML) injection sometimes looks very similar to CSV, YAML, and JSON injection, and at other times looks completely different. It can present itself as simple data injection or as XPath injection. This module's goal is to help you understand these different types.



Challenges

The goal of this challenge is to log in as the teacher to get the flag. A serious vulnerability in this server lets you use the structure of the XML file that stores the login data to trick the server into thinking you are the teacher. This will look similar to the previous injection challenges.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

This challenge demonstrates textbook XPath injection, where untrusted user input is inserted directly into an XPath query without sanitization. The application queries an XML file to determine if you are a teacher, but because it builds the query from raw input, a carefully crafted username can alter the query’s logic. Your goal is to exploit this weakness, manipulating XPath logic, in order to gain teacher access and retrieve the flag.
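From the defender's side, the two weaknesses described above (user data written into the XML structure, and raw input placed into an XPath query) have the same fix: keep input as data. The following is an added example, not the challenge's code; the XML layout, the function names and the username allowlist are assumptions.

```python
import hmac
import re
import xml.etree.ElementTree as ET

# Constructed sample store; element names and values are assumptions.
USERS_XML = """<users>
  <user><username>alice</username><password>wonderland</password><role>student</role></user>
  <user><username>carol</username><password>s3cret</password><role>teacher</role></user>
</users>"""

USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")  # assumed allowlist


def role_vulnerable(root, username):
    """Pattern the text describes: raw input becomes part of the query syntax."""
    hit = root.find(f".//user[username='{username}']")
    return hit.findtext("role") if hit is not None else None


def role_hardened(root, username, password):
    """Fixed traversal; input is only ever compared as data, never parsed as XPath."""
    if not USERNAME_RE.fullmatch(username):
        return None  # quotes, brackets, spaces etc. are rejected outright
    for user in root.iter("user"):
        if user.findtext("username", "") != username:
            continue
        stored = user.findtext("password", "").encode()
        if hmac.compare_digest(stored, password.encode()):
            return user.findtext("role")  # role comes from the stored record
        return None
    return None


def add_user(root, username, password):
    """Build the record through the tree API so the serializer escapes markup."""
    user = ET.SubElement(root, "user")
    ET.SubElement(user, "username").text = username
    ET.SubElement(user, "password").text = password
    ET.SubElement(user, "role").text = "student"  # role is set server-side only
    return ET.tostring(user, encoding="unicode")
```

Plaintext passwords appear here only to mirror a simple login file; a real store would hold password hashes.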

