当前位置:网站首页>xxe of CTF
xxe of CTF
2022-08-02 04:01:00 【SevenCold】
xxe vulnerability means that we can inject external entities. When external entities are allowed to be referenced, by constructing malicious content, it can lead to reading arbitrary files, executing system commands, detecting intranet ports, and attacking intranet websites.
Two writeups
Question 1:
bp packet capture
Then you can perform xml injection
This is two xxe, let's try first and secondSpecies (because the source code does not mark which file the flag is in)
Then enter the intranet
However, if you can't get in, you can only find a surviving host.
Direct Violent Search
Question 2:
Follow the idea of the question above
But noFind the flag....
Finally, I can only find it in the file, but the title does not indicate which file the specific flag is in, so I can only try the /flag file
It turned out to be
边栏推荐
- (1) the print () function, escape character, binary and character encoding, variables, data type, the input () function, operator
- Phonebook
- 利用cookie获取admin权限 CTF基础题
- Function hoisting and variable hoisting
- PHP8.2将会有哪些新东西?
- PHP的几个有趣的打开方式:从基本到变态
- (1) print()函数、转义字符、二进制与字符编码 、变量、数据类型、input()函数、运算符
- Alfa: 1 vulnhub walkthrough
- Stable and easy-to-use short connection generation platform, supporting API batch generation
- hackmyvm-hopper walkthrough
猜你喜欢
随机推荐
(5) 模块与包、编码格式、文件操作、目录操作
4.表单与输入
Function hoisting and variable hoisting
Add a full image watermark to an image in PHP
DNS详解
JS objects, functions and scopes
PHP有哪些杀手级超厉害框架或库或应用?
Alfa: 1 vulnhub walkthrough
GreenOptic: 1 vulnhub walkthrough
[campo/random-user-agent]随机伪造你的User-Agent
Xiaoyao multi-open emulator ADB driver connection
MOMENTUM: 2 vulnhub walkthrough
CTF入门笔记之ping
The focus of the Dom implementation input triggers
(4) 函数、Bug、类与对象、封装、继承、多态、拷贝
14.JS语句和注释,变量和数据类型
hackmyvm: kitty walkthrough
[phpunit/php-timer] A timer for code execution time
hackmyvm-bunny预排
14. JS Statements and Comments, Variables and Data Types