>/Ctf_tasks/eyes_wide_closed $

Category: Web

Difficulty: Easy

I've found this weird CCTV administration panel with weak credentials. Hopefully that's not the only issue there. Can you look around and see if you can find the hidden flag?

The application loads the XML configuration and blindly parses it on the server side.
No WAF, no filters, no schema validation just pure, raw XML parsing. What could go wrong with that, right?

Your goal
Use an XXE attack to read a confidential file stored on the server.
A flag.txt is located in app directory.

Requirements
- A browser
- Basic understanding of XML structure (DTD, entities, etc.)
- Knowledge of XXE attacks
- Curiosity to poke at "innocent"

Good luck and remember: sometimes the camera isn't the only thing watching.