XXE (XML External Entity) injection vulnerability: a supplementary CTF question and how to fix XXE

CTF question and vulnerability fix

Supplementary question

A question from jarvisoj: "API call"

The task is to obtain the flag stored on the target machine at /home/ctf/flag.txt.
Opening the challenge at http://web.jarvisoj.com:9882/ shows an input box. Capturing the request shows that
the form is submitted as JSON, and after modifying the data we find that the server parses it.
This is an XXE question. How do we get the flag? Change the JSON body to XML and submit an XML document instead.

XXE vulnerability repair and defense

The configuration changes for the three languages are as follows:

PHP
libxml_disable_entity_loader(true);
// On PHP >= 8.0 this call is deprecated and a no-op, because libxml no longer loads external entities by default.
// In all versions, never pass LIBXML_NOENT to simplexml_load_string()/DOMDocument::loadXML(): it re-enables entity substitution.

JAVA
import javax.xml.parsers.DocumentBuilderFactory;
// setFeature() throws ParserConfigurationException if the underlying parser does not support a feature.
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setExpandEntityReferences(false);
// Refusing any DOCTYPE is the strongest setting; the two external-entity features are the fallback when a DTD must be allowed.
dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);

Python
from lxml import etree
# resolve_entities=False stops entity substitution; no_network=True (lxml's default) also keeps remote DTDs from being fetched.
xmlData = etree.parse(xmlSource, etree.XMLParser(resolve_entities=False, no_network=True))

Manual blacklist filtering (not recommended)
Filter the keywords <!DOCTYPE, <!ENTITY, SYSTEM and PUBLIC.
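The Java setting above that refuses any DOCTYPE is the one that actually closes the hole, and it is also why keyword blacklisting is discouraged: the parser already knows where a DOCTYPE begins, so let it decide instead of regex-matching request bodies. The following is an added example, not the blog's or any library's code, that reimplements the disallow-doctype-decl behaviour on top of Python's standard-library expat parser. The function names (check_untrusted_xml, parse_untrusted_xml, classify) and the sample request bodies are constructed for this illustration; the flag path is the one from the challenge above.

```python
# Added example (not the blog's code): the Java "disallow-doctype-decl" setting
# re-implemented for Python's standard-library parser, so untrusted XML is
# refused before any entity can be declared or resolved.
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat


class UnsafeXMLError(ValueError):
    """Input carries a DOCTYPE or an external entity reference and was refused."""


def _refuse_doctype(doctype_name, system_id, public_id, has_internal_subset):
    # Any DOCTYPE is refused: every XXE payload (and every entity-expansion bomb) needs one.
    raise UnsafeXMLError(f"DOCTYPE declaration refused (root {doctype_name!r})")


def _refuse_external_entity(context, base, system_id, public_id):
    # expat delegates external entity loading to this callback; never resolve anything.
    raise UnsafeXMLError(f"external entity refused: {system_id!r}")


def check_untrusted_xml(data: bytes) -> None:
    """Raise UnsafeXMLError on DOCTYPE/external entities, expat.ExpatError on malformed XML."""
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _refuse_doctype
    parser.ExternalEntityRefHandler = _refuse_external_entity
    # Never read external parameter entities (the DTD-side variant of XXE).
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.Parse(data, True)


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML from an untrusted client only after the structural check passes."""
    check_untrusted_xml(data)
    return ET.fromstring(data)


def classify(data: bytes) -> str:
    """Return 'ok', 'unsafe' or 'malformed'; useful for logging/alerting at the API boundary."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXMLError:
        return "unsafe"
    except (expat.ExpatError, ET.ParseError):
        return "malformed"
    return "ok"


# Constructed samples: a benign request body, and the shape of payload the
# challenge above relies on (an external entity pointing at the flag file).
BENIGN = b"<request><search>hello</search></request>"
XXE_ATTEMPT = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE request [<!ENTITY xxe SYSTEM "file:///home/ctf/flag.txt">]>\n'
    b"<request><search>&xxe;</search></request>"
)
# Also refused: a harmless-looking DOCTYPE that declares no entities at all.
PLAIN_DOCTYPE = b"<!DOCTYPE request><request><search>hi</search></request>"

if __name__ == "__main__":
    for label, sample in [("benign", BENIGN), ("xxe", XXE_ATTEMPT), ("doctype", PLAIN_DOCTYPE)]:
        print(label, "->", classify(sample))
```

Two design points worth noting. Refusing every DOCTYPE also refuses legitimate documents that carry a DTD, so an API that must accept those falls back to the weaker per-feature settings (external-general-entities / external-parameter-entities off), which is exactly the order the Java snippet lists them in. The document is also parsed twice here (once by the checking expat parser, once by ElementTree); for large bodies the check could instead be done with a single ElementTree parser whose target raises on doctype, or with lxml's resolve_entities=False as shown earlier in this post.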
XXE penetration-testing learning reference
Reference: https://xz.aliyun.com/t/3357
This article on Alibaba Cloud's Xianzhi community gives an in-depth treatment of XXE and is the most comprehensive summary available at present; take a look if you are interested.



Origin blog.csdn.net/weixin_43079958/article/details/105476758