Hi guys,
I need some help. In some days i started the webacademy portswigger and them I have some problems for solve this lab https://portswigger.net/web-security/xxe/blind/lab-xxe-with-out-of-band-exfiltration .
I cant Place the Burp Collaborator payload into a malicious DTD file:
<!ENTITY % eval "">%eval;
%exfil;
I dont know how I can put this payload from the collaborator server answer the client. If someone cold explain how can i do this I will be very happy.
Thanks