8Kas
Exfiltration through FTP using XXE on a Tomcat server
I’m trying to extract binary data from a Tomcat server that is using SAXParser. For my FTP server, I am using this source. I’m hosting two DTD’s on Github Gist. These are their contents:
Base XML (What gets sent to the server):
<?xml …