Lab: Exploiting XXE using external entities to retrieve files

test the functionality of the web app

we can see that the web application is retrieving data through xml from the database

we can call the variable test to one of the parameter here in the application

like this

you can also try to navigate files like ssh in academy user in their home directory like in ctfs