Tanuki is a flashcard web app with an XML-based deck export and a JSON-driven restore endpoint. The server secretly round-trips your JSON through an XML template with DTD processing enabled — giving you a path to read arbitrary files off the server without any out-of-band channel. Your goal is to exfiltrate the flag at /app/flag.txt entirely in-band.
Objective: Inject XML-special characters into a JSON field value and observe the server's response to confirm that the data passes through an XML parser.
Context: A value that returns [object Object] instead of the literal string you sent is a strong signal that the server is treating your input as XML markup rather than plain text. This is not SSTI — it is evidence of a JSON-to-XML round-trip.
Only reveal the ones you need. Claude tracks how many you used to calibrate the feedback.
What happens when you put XML markup characters (like angle brackets) inside a JSON string value? Watch what comes back when you read the created deck.
Set the description field to a value containing XML tags, e.g. "<test>". Retrieve the created deck and compare what the stored description says versus what you sent.
POST restore with {"name":"probe","description":"<test>","category":"c","cards":[]}. Then GET /api/decks/<new-id>. If description comes back as [object Object], the server parsed <test> as an XML child node — your JSON values are being interpolated raw into XML and re-parsed.
Chat with a spoiler-safe tutor for this step. It uses only this lab spec and gives the smallest useful nudge first.
Tell the tutor what you tried, where you got stuck, or paste the response/error you are seeing.
Enjoying Hintru? Buy me a coffee ☕ ☕