Second Degree Black Belt : XML External Entities environment hostname is not getting set

Question

Second Degree Black Belt : XML External Entities environment hostname is not getting set

Opened this issue a year ago · 3 comments

While I'm trying to solve the Second Degree Black Belt : XML External Entities challenge, observed that levering the previous challenge i.e. Injection got that there is one 'connecttocommandproc.sh' file when I try to read to content it is observed that the in URL only host2:8080 is mentioned, I think when deploying the hackerden challenge the environment value for host2 and flag-_secret values are not getting set.
Can someone please look into this and help me to get the host2 value,

Answer 1 · 2024-01-03T13:27:17.000Z

Also, just to check whether the XXE Flag value are getting set or not. from the codebase figured out, how to solve the solve challenge and did manage to solve partial part however after getting the 'JSESSIONID' used the commandproc and got the result as "Good for you! You got this far. Here's your challenge code url:" , however in the response not getting the challengeURL after solving it.
for reference, refer to below screenshot.

cc - @paul-ion

Answer 2 · 2024-01-06T16:17:47.000Z

Hi @bilalk88 , the hosted version of the Dojo is a few versions behind due to some resource compute issues. Working on solving.

Answer 3 · 2024-02-15T01:06:28.000Z

@bilalk88 this issue should now be solved