EXtravagant Writeup
NahamCon 2022
Solved By : nigamelastic
The challenge mentions the following:
The flag is in /var/www
On accessing the website, we see a normal interface offering XML parsing as a service.
Since XML is mentioned, it seems that this might be an XXE (XML External Entity) vulnerability.
Since we already know the location of the flag, I used the following payload:
I simply uploaded it to the trial tab:
and then used the view XML tab to view my XML.
This would give the flag.
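
The defender's side of this challenge, as an added example that is not part of the original writeup or the challenge's code: an XML-parsing service can refuse any upload that carries a DOCTYPE or entity declaration before anything is resolved. The Python backend, the function names and the sample documents below are assumptions made for illustration.

```python
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Raised when an upload contains a DTD or entity declaration."""


def parse_untrusted(xml_bytes):
    """Parse untrusted XML and return its element names in document order.

    Any DOCTYPE, entity declaration or external entity reference aborts
    the parse, so no file or URL is ever resolved by the parser.
    """
    names = []
    parser = expat.ParserCreate()

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML("DOCTYPE declaration not allowed")

    def reject_entity(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML("entity declaration not allowed")

    def reject_external(context, base, sysid, pubid):
        raise ForbiddenXML("external entity reference not allowed")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.ExternalEntityRefHandler = reject_external
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(xml_bytes, True)  # True marks the end of input
    return names


def is_allowed(xml_bytes):
    """True only for well-formed XML that declares no DTD or entities."""
    try:
        parse_untrusted(xml_bytes)
        return True
    except (ForbiddenXML, expat.ExpatError):
        return False


# Constructed sample uploads (not taken from the challenge).
BENIGN = b'<?xml version="1.0"?><note><to>alice</to></note>'
WITH_DTD = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE note [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>'
            b'<note>&ext;</note>')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("with DTD", WITH_DTD)):
        print(label, "->", "accepted" if is_allowed(doc) else "rejected")
```

Rejecting the DOCTYPE outright is stricter than only disabling external entities, and it also stops entity-expansion documents that never touch the filesystem.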