Pentester Lab: Play XML Entities


  • Name: Pentester Lab: Play XML Entities
  • Date release: 7 Apr 2015



Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. Before you download, please read our FAQs sections dealing with the dangers of running unknown VMs and our suggestions for "protecting yourself and your network. If you understand the risks, please download!


play_xxe.iso

(Size: 295 MB)


This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism





  • Filename: play_xxe.iso
  • File size: 295 MB
  • MD5: E25EF4BCF32F0C8A8763410AAB92AFDC
  • SHA1: A2825FE28A6CC30FFE2FA5F1CD6023F3ECC50C4F


  • Format: Disk Image (.ISO)
  • Operating System: Linux


  • DHCP service: Enabled
  • IP address: Automatically assign