xxe of CTF

xxe vulnerability means that we can inject external entities. When external entities are allowed to be referenced, by constructing malicious content, it can lead to reading arbitrary files, executing system commands, detecting intranet ports, and attacking intranet websites.

Two writeups

Question 1:
bp packet capture

Then you can perform xml injection

This is two xxe, let's try first and secondSpecies (because the source code does not mark which file the flag is in)

Then enter the intranet

However, if you can't get in, you can only find a surviving host.
Direct Violent Search


Question 2:
Follow the idea of ​​the question above
But noFind the flag....
Finally, I can only find it in the file, but the title does not indicate which file the specific flag is in, so I can only try the /flag file
It turned out to be