Anyone know where I can get the XPATH injection vulnerability “http://172.31.179.1/intranet.php” file?
I want to look at the source code where exactly the problem arises.
Should I contact the maker of the machine? If yes, then where should I contact him/her?
The box was created by @polarbearer @GibParadox so you can try to message them on here, or use the direct messages or try on Discord.
I don’t know how this box works but, in very general terms, remember HTB boxes are set up to present a certain type of exploit path to the “attacker” - they don’t always have the source code you’d expect to find the vulnerability in.
For anyone who wants to understand XPath in general, this is useful: XPATH Injection | OWASP Foundation
Thank you, much appreciated! I have messaged them, hopefully I’ll get a hand on that file!