The expected request and response are as follows:

[screenshot: expected JSON request and response]

Changing the Content-Type header to application/xml:

[screenshot: server response after the Content-Type change]

This error message indicates that the application may be vulnerable to XXE. The next step is to convert the JSON body into the equivalent XML.

[screenshot: request body rewritten as XML]

File Retrieval Through XXE:

XXE (XML External Entity) injection occurs when an XML parser processes external entity references supplied by the client. Here's how it works:

ENTITY definition: declares a named entity whose value is external content

Entity reference: uses that entity (&test;) in the XML body

When the parser processes &test;, it replaces the reference with the contents of the specified file.

To perform this attack, we need to inject a DTD (Document Type Definition; to learn more about DTDs, see https://www.w3schools.com/xml/xml_dtd.asp).

[screenshot: XML request with the injected DTD and the server's response]
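As an added example (not part of the original writeup), here is a minimal Python request handler that closes the hole this challenge exploits: it allow-lists the Content-Type values it will parse and, when it does accept XML, aborts on any DOCTYPE or entity declaration before expat can expand anything. The endpoint shape and the sample bodies are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET
import xml.parsers.expat

# Content types this endpoint is willing to parse; anything else gets 415.
ALLOWED_CONTENT_TYPES = {"application/json", "application/xml"}


class DtdRejected(ValueError):
    """Raised when a request body carries a DOCTYPE or entity declaration."""


def reject_dtd(xml_bytes: bytes) -> None:
    # Expat calls these handlers as soon as it sees the declaration, before
    # any entity is expanded, so raising here stops SYSTEM entities cold.
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdRejected(f"DOCTYPE not allowed (root {name!r})")

    def on_entity(name, *_):
        raise DtdRejected(f"entity declaration not allowed: {name!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(xml_bytes, True)


def handle_request(content_type: str, body: bytes):
    """Return (status, payload) the way a minimal API handler would."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type not in ALLOWED_CONTENT_TYPES:
        return 415, {"error": f"unsupported Content-Type {media_type!r}"}
    try:
        if media_type == "application/json":
            data = json.loads(body)
        else:
            reject_dtd(body)                     # refuse any DTD outright
            root = ET.fromstring(body)           # safe: no DTD survived above
            data = {child.tag: (child.text or "") for child in root}
    except DtdRejected as exc:
        return 400, {"error": str(exc)}
    except (ValueError, ET.ParseError, xml.parsers.expat.ExpatError) as exc:
        return 400, {"error": f"malformed body: {exc}"}
    return 200, data


# Constructed sample requests: JSON, plain XML, XML with an inline DTD, other.
SAMPLES = {
    "json": ("application/json", b'{"name": "alice"}'),
    "xml": ("application/xml; charset=utf-8", b"<user><name>alice</name></user>"),
    "xml_dtd": ("application/xml",
                b'<!DOCTYPE user [<!ENTITY test "x">]><user><name>&test;</name></user>'),
    "text": ("text/plain", b"name=alice"),
}

if __name__ == "__main__":
    for label, (ctype, body) in SAMPLES.items():
        print(label, handle_request(ctype, body))
```

Rejecting every DOCTYPE is the blunt but standard fix; if an endpoint genuinely needs a DTD, keep the entity handler and disable external entity resolution in the parser instead.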

FLAG: flag{XX3_v!a_C0nt3nt_Typ3_Sw1tch}