xxe - Browse Files at SourceForge.net
Intentionally vulnerable web services exploitable with XXE
Name | Modified | Size | Downloads / Week |
---|---|---|---|
xxereadme.txt | 2015-03-10 | 671 Bytes | 0 |
ctf_xxe_ubuntu.vmwarevm.7z | 2015-03-10 | 1.9 GB | 0 |
Totals: 2 Items | | 1.9 GB | 0 |
The VM, when unzipped, should be loaded in a secure environment with host-only networking.
Once loaded, one can log in with the user account 'ctf' and the password 'password'.
The VM is an Ubuntu distribution that has a vulnerability in a weakly configured XML parser that allows an attacker to gain access to confidential data. Users who gain access to that data can then attempt to post their findings on a leaderboard on that VM at localhost/polloshermanos/.
This vulnerable VM was used in multiple CTF events including the Breaking Bad CTF at the OWASP APPSEC.
Spoiler information can be obtained via the OWASP project page for Vicnum.
Source: xxereadme.txt, updated 2015-03-10