tag inside an XML element to trigger client-side execution"},{"@type":"Answer","text":"Base64-encode a serialized Java object and place it in the XML body to achieve deserialization RCE"}]}]}
🔥 3-day streak
CompTIA PenTest+ (PT0-003)175 / 175
Question 175 of 175

During a web application assessment, you discover an XML-based file upload feature that parses invoice documents server-side. You want to test whether the parser is vulnerable to reading local files. Which payload construction is most appropriate to confirm this vulnerability?

Reviewed for accuracy · Report an issue