# Day 5

Just as logging off, McSkidy heard a shriek: Another cyber threat, oh wow! What a week!

This time, it seemed, on a web application A vulnerability there, the team stepped in formation.

XXE said McSkidy, and McSkidy was right As she logged on and got ready, for another long night.

#### Task 11 — XXE Day 5: SOC-mas XX-what-ee? <a href="#f80f" id="f80f"></a>

[What is XXE (XML external entity) injection? Tutorial & Examples | Web Security AcademyIn this section, we'll explain what XML external entity injection is, describe some common examples, explain how to…portswigger.net](https://portswigger.net/web-security/xxe)

> Make sure to study the Guides and Instructions and Understand the Concepts

**1. What is the flag discovered after navigating through the wishes?**

1. Start Tryhackme VPN and access the IP, and you will be shown a product page.
2. Turn on the proxy, Add a product to the wishlist, and send that request to the repeater.
3. This is the place where we can able to inject XML, Make sure to read about XXE and come here.
4. Inject the code below.

5\. On changing the count of text documents we will get the flag when the correct ID matches.

6\. we can automate the process by sending the request to the intruder by right-clicking and sending it to the intruder.

7\. In Intruder, select the number of the text document and click add.

8\. Navigate to the Payloads tab, choose number as payload type, and set values from 0–20.

9\. Analyse the Difference in the response code to get the flag.

```css
CopyAns: THM{Brut3f0rc1n6_mY_w4y}
```

**2. What is the flag seen on the possible proof of sabotage?**

Access this URL to see the Flag in Changelog

<http://machine_ip/CHANGELOG>

```css
CopyAns: THM{m4y0r_m4lw4r3_b4ckd00rs}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://foothold.gitbook.io/blog/advent-of-cyber-2024/day-5.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.