XXE

PicoCTF - SOAP

This challenge, titled 'SOAP,' from the web exploitation category on picoCTF, appears to center around an XXE (XML External Entity) vulnerability, as suggested by the associated tags.

Upon initial reconnaissance, I thoroughly analyzed the source code and inspected the elements but didn't uncover any immediate red flags. The site presents as a static interface featuring three cards with three buttons, which is the extent of actionable intelligence gathered so far.

Further investigation revealed that these buttons trigger different messages upon interaction, which I verified through manual testing.