Tanuki is a flashcard web app with an XML-based deck export and a JSON-driven restore endpoint. The server secretly round-trips your JSON through an XML template with DTD processing enabled — giving you a path to read arbitrary files off the server without any out-of-band channel. Your goal is to exfiltrate the flag at /app/flag.txt entirely in-band.
Objective: Enumerate the real path to the flag file by testing multiple candidates, recognizing that common paths (/etc/passwd, /proc/self/cmdline) return a deliberate decoy string.
Context: The app returns 'Flag is in a different file' for /etc/passwd and /proc/self/cmdline — these are intentional red herrings. Wrong paths (e.g. /flag.txt) leave the entity reference literal and unresolved. The flag lives at /app/flag.txt.
Only reveal the ones you need. Claude tracks how many you used to calibrate the feedback.
Common Linux file paths return misleading content here. Think about where a Node/Express app's working files would actually live inside a container.
Try paths like /app/flag.txt, /var/app/flag.txt, /home/node/flag.txt. A resolved but decoy result means the path exists but is a trap. An unresolved &xxe; means the path doesn't exist. Actual flag content means you found it.
Use the dtd + name injection from the previous step but change the SYSTEM path. Try "file:///app/flag.txt" — a Node app deployed in Docker typically runs from /app. If name returns a bug{...} string, that is the flag.
Enjoying Hintru? Buy me a coffee ☕ ☕