当前位置:网站首页>xxe of CTF
xxe of CTF
2022-08-02 04:01:00 【SevenCold】
xxe vulnerability means that we can inject external entities. When external entities are allowed to be referenced, by constructing malicious content, it can lead to reading arbitrary files, executing system commands, detecting intranet ports, and attacking intranet websites.
Two writeups
Question 1:
bp packet capture
Then you can perform xml injection
This is two xxe, let's try first and secondSpecies (because the source code does not mark which file the flag is in)
Then enter the intranet
However, if you can't get in, you can only find a surviving host.
Direct Violent Search
Question 2:
Follow the idea of the question above
But noFind the flag....
Finally, I can only find it in the file, but the title does not indicate which file the specific flag is in, so I can only try the /flag file
It turned out to be
边栏推荐
- Batch replace file fonts, Simplified -> Traditional
- (8) requests, os, sys, re, _thread
- Solve the problem of uni - app packaged H5 website to download image
- hackmyvm-hopper walkthrough
- The Error in the render: "TypeError: always read the properties of null '0' (reading)" Error solution
- CTF入门之md5
- CSRF(跨站请求伪造)
- Introduction to PHP (self-study notes)
- (3) 字符串
- (2) 顺序结构、对象的布尔值、选择结构、循环结构、列表、字典、元组、集合
猜你喜欢
随机推荐
PHP的几个有趣的打开方式:从基本到变态
When PHP initiates Alipay payment, the order information is garbled and solved
DVWA drone installation tutorial
Advanced Operations on Arrays
14. JS Statements and Comments, Variables and Data Types
(3) Thinkphp6 database
PHP8.2将会有哪些新东西?
The focus of the Dom implementation input triggers
PHP realizes the automatic reverse search prompt of the search box
[symfony/mailer]一个优雅易用的发送邮件类库
[phpunit/php-timer] A timer for code execution time
DNS详解
4.表单与输入
一个网络安全小白鼠的学习之路——nmap的基本使用
DarkHole: 2 vulnhub walkthrough
12.什么是JS
hackmyvm: again walkthrough
战场:3(双子叶植物)vulnhub走读
PHP有哪些框架?
17. JS conditional statements and loops, and data type conversion