Tags: phar xxe svg
# TL;DR #
This challenge was about exploiting an `XXE` through an `SVG`, then invoking a `PHP Object Injection` through the `XXE` using `phar://`, and finally getting `RCE`.
https://jbzteam.github.io/midnightsunctfquals2019/Rubenscube
In the final payload, you used `/<phar_file_name>.jpg"> %data;`. Any idea why `/<phar_file_name>.jpg"> ` doesn't work?